NEW QUESTION 1 
- (Topic 1) 
Which type of password token involves time synchronization? 


A. Static password tokens 

B. Synchronous dynamic password tokens 
C. Asynchronous dynamic password tokens 
D. Challenge-response tokens 


Answer: B 


Explanation: 

Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, so the server and token need to be synchronized for the 
password to be accepted. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 37). 

Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 4: Access Control (page 136). 


NEW QUESTION 2 
- (Topic 1) 
The type of discretionary access control (DAC) that is based on an individual's identity is also called: 


A. Identity-based Access control 

B. Rule-based Access control 

C. Non-Discretionary Access Control 
D. Lattice-based Access control 


Answer: A 


Explanation: 

An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. 

DAC is suited to low-security environments: the owner of the file decides who has access to the file. 

If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an access control matrix within the operating 
system. 

Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources 
within her department. A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific 
resources. 

This model is called discretionary because the control of access is based on the discretion of the owner. Many times department managers, or business unit 
managers, are the owners of the data within their specific department. Being the owner, they can specify who should have access and who should not. 
Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw- Hill . Kindle Edition. 


NEW QUESTION 3 
- (Topic 1) 
Controlling access to information systems and associated networks is necessary for the preservation of their: 


A. Authenticity, confidentiality and availability 

B. Confidentiality, integrity, and availability. 

C. integrity and availability. 

D. authenticity,confidentiality, integrity and availability. 


Answer: B 


Explanation: 
Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity and availability. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31. 


NEW QUESTION 4 
- (Topic 1) 
Smart cards are an example of which type of control? 


A. Detective control 

B. Administrative control 
C. Technical control 

D. Physical control 


Answer: C 


Explanation: 

Logical or technical controls involve the restriction of access to systems and the protection of information. Smart cards and encryption are examples of these types 
of control. 

Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative 
controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security 
documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in 
firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. 
Examples of physical controls are security guards, locks, fencing, and lighting. 

Many types of technical controls enable a user to access a system and the resources within that system. A technical control may be a username and password 
combination, a Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS +, or authentication using a smart card through a reader 
connected to a system. These technologies verify the user is who he says he is by using different types of authentication methods. Once a user is properly 
authenticated, he can be authorized and allowed access to network resources. 

Reference(s) used for this question: 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 245). McGraw- Hill. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 32). 


NEW QUESTION 5 

- (Topic 1) 

Physical security is accomplished through proper facility construction, fire and water 

protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a 
component that achieves this type of security? 


A. Administrative control mechanisms 
B. Integrity control mechanisms 

C. Technical control mechanisms 

D. Physical control mechanisms 


Answer: B 


Explanation: 

Integrity control mechanisms are not a component of physical security; the other three choices (administrative, technical and physical control mechanisms) are the 
ones that achieve it. Below you have more details extracted from the SearchSecurity web site: Information security depends on the security and management of the 
physical space in which computer systems operate. Domain 9 of the CISSP exam's Common Body of Knowledge addresses the challenges of securing the 
physical space, its systems and the people who work within it by use of administrative, technical and physical controls. The following topics are 
covered: 

Facilities management: The administrative processes that govern the maintenance and protection of the physical operations space, from site selection through 
emergency response. 

Risks, issues and protection strategies: Risk identification and the selection of security protection components. 

Perimeter security: Typical physical protection controls. 

Facilities management 
Facilities management is a complex component of corporate security that ranges from the planning of a secure physical site to the management of the physical 
information system environment. Facilities management responsibilities include site selection and physical security planning (i.e. facility construction, design and 
layout, fire and water damage protection, antitheft mechanisms, intrusion detection and security procedures.) Protections must extend to both people and assets. 
The necessary level of protection depends on the value of the assets and data. CISSP® candidates must learn the concept of critical-path analysis as a means of 
determining a component's business function criticality relative to the cost of operation and replacement. Furthermore, students need to gain an understanding of 
the optimal location and physical attributes of a secure facility. Among the topics covered in this domain are site inspection, location, accessibility and 
obscurity, considering the area crime rate, and the likelihood of natural hazards such as floods or earthquakes. 

This domain also covers the quality of construction material, such as its protective qualities and load capabilities, as well as how to lay out the structure to minimize 
risk of forcible entry and accidental damage. Regulatory compliance is also touched on, as is preferred proximity to civil protection services, such as fire and police 
stations. Attention is given to computer and equipment rooms, including their location, configuration (entrance/egress requirements) and their proximity to wiring 
distribution centers at the site. 

Physical risks, issues and protection strategies 
An overview of physical security risks includes risk of theft, service interruption, physical damage, compromised system integrity and unauthorized disclosure of 
information. Interruptions to business can manifest due to loss of power, services, telecommunications connectivity and water supply. These can also seriously 
compromise electronic security monitoring alarm/response devices. Backup options are also covered in this domain, as is a strategy for quantifying the risk 
exposure by simple formula. 

Investment in preventive security can be costly. Appropriate redundancy of people skills, systems and infrastructure must be based on the criticality of the data and 
assets to be preserved. Therefore a strategy is presented that helps determine the selection of cost-appropriate controls. Among the topics covered in 
this domain are regulatory and legal requirements, common standard security protections such as locks and fences, and the importance of establishing service 
level agreements for maintenance and disaster support. Rounding out the optimization approach are simple calculations for determining mean time between failure 
and mean time to repair (used to estimate average equipment life expectancy), essential for estimating the cost/benefit of purchasing and maintaining redundant 
equipment. 

As the lifeblood of computer systems, special attention is placed on adequacy, quality and protection of power supplies. CISSP candidates need to understand 
power supply concepts and terminology, including those for quality (i.e. transient noise vs. clean power); types of interference (EMI and RFI); and types of 
interruptions such as power excess by spikes and surges, power loss by fault or blackout, and power degradation from sags and brownouts. A simple formula is 
presented for determining the total cost per hour for backup power. Proving power reliability through testing is recommended and the advantages of three power 
protection approaches are discussed (standby UPS, power line conditioners and backup sources) including minimum requirements for primary and alternate power 
provided. 

Environmental controls are explored in this domain, including the value of positive pressure water drains and climate monitoring devices used to control 
temperature, humidity and reduce static electricity. Optimal temperatures and humidity settings are provided. 

Recommendations include strict procedures during emergencies, preventing typical risks (such as blocked fans), and the use of antistatic armbands and 
hygrometers. Positive pressurization for proper ventilation and monitoring for air born contaminants is stressed. 

The pros and cons of several detection response systems are deeply explored in this domain. The concept of combustion, the classes of fire and fire extinguisher 
ratings are detailed. Mechanisms behind smoke-activated, heat-activated and flame-activated devices and Automatic Dial-up alarms are covered, along with their 
advantages, costs and shortcomings. Types of fire sources are distinguished and the effectiveness of fire suppression methods for each is included. For instance, 
Halon and its approved replacements are covered, as are the advantages and the inherent risks to equipment of the use of water sprinklers. 

Administrative controls 

The physical security domain also deals with administrative controls applied to physical sites and assets. The need for skilled personnel, knowledge sharing 
between them, separation of duties, and appropriate oversight in the care and maintenance of equipment and environments is stressed. A list of management 
duties including hiring checks, employee maintenance activities and recommended termination procedures is offered. Emergency measures include accountability 
for evacuation and system shutdown procedures, integration with disaster and business continuity plans, assuring documented procedures are easily available 
during different types of emergencies, the scheduling of periodic equipment testing, administrative reviews of documentation, procedures and recovery plans, 
responsibilities delegation, and personnel training and drills. 

Perimeter security 

Domain nine also covers the devices and techniques used to control access to a space. These include access control devices, surveillance monitoring, intrusion 
detection and corrective actions. Specifications are provided for optimal external boundary protection, including fence heights and placement, and lighting 
placement and types. Selection of door types and lock characteristics are covered. Surveillance methods and intrusion-detection methods are explained, including 
the use of video monitoring, guards, dogs, proximity detection systems, photoelectric/photometric systems, wave pattern devices, passive infrared systems, and 
sound and motion detectors, and current flow sensitivity devices that specifically address computer theft. Room lock types, both preset and cipher locks (and 
their variations), device locks, such as portable laptop locks, lockable server bays, switch control locks and slot locks, port controls, peripheral switch controls and 
cable trap locks are also covered. Personal access control methods used to identify authorized users for site entry are covered at length, noting social engineering 
risks such as piggybacking. Wireless proximity devices, both user access and system sensing readers are covered (i.e. transponder based, passive devices and 
field powered devices) in this domain. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 280. 


NEW QUESTION 6 
- (Topic 1) 
What is the main concern with single sign-on? 


A. Maximum unauthorized access would be possible if a password is disclosed. 
B. The security administrator's workload would increase. 

C. The users’ password would be too hard to remember. 

D. User access rights would be increased. 


Answer: A 


Explanation: 

A major concern with Single Sign-On (SSO) is that if a user's ID and password are compromised, the intruder would have access to all the systems that the user 
was authorized for. 

The following answers are incorrect: 

The security administrator's workload would increase. Is incorrect because the security administrator's workload would decrease and not increase. The admin 
would not be responsible for maintaining multiple user accounts just the one. 

The users’ password would be too hard to remember. Is incorrect because the users would have less passwords to remember. 

User access rights would be increased. Is incorrect because the user access rights would not be any different than if they had to log into systems manually. 


NEW QUESTION 7 

- (Topic 1) 

Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify the user's 
identity and permit access to system services? 


A. Single Sign-On 
B. Dynamic Sign-On 
C. Smart cards 

D. Kerberos 


Answer: A 


Explanation: 

SSO can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify the user's identity and to permit access to 
system services. 

Single Sign-On was the best answer in this case because it would include Kerberos. When you have two good answers within the four choices presented you must 
select the BEST one. The high-level choice is always the best: when one choice would include the other one, that is the best as well. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40. 


NEW QUESTION 8 
- (Topic 1) 
Crime Prevention Through Environmental Design (CPTED) is a discipline that: 


A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. 

B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. 

C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. 

D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior. 


Answer: A 


Explanation: 

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by 
directly affecting human behavior. It provides guidance about loss and crime prevention through proper facility construction and environmental components and 
procedures. 

CPTED concepts were developed in the 1960s. They have been expanded upon and have matured as our environments and crime types have evolved. CPTED 
has been used not just to develop corporate physical security programs, but also for large-scale activities such as development of neighborhoods, towns, and 
cities. It addresses landscaping, entrances, facility and neighborhood layouts, lighting, road placement, and traffic circulation patterns. It looks at 
microenvironments, such as offices and rest-rooms, and macroenvironments, like campuses and cities. 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 435). McGraw- Hill. Kindle Edition. 

and 

CPTED Guide Book 


NEW QUESTION 9 
- (Topic 1) 
What refers to legitimate users accessing networked services that would normally be restricted to them? 


A. Spoofing 
B. Piggybacking 
C. Eavesdropping 
D. Logon abuse 


Answer: D 


Explanation: 

Unauthorized access of restricted network services by the circumvention of security access controls is known as logon abuse. This type of abuse refers to users 
who may be internal to the network but access resources they would not normally be allowed. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep 
Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: 

Telecommunications and Network Security (page 74). 


NEW QUESTION 10 
- (Topic 1) 
To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up: 


A. Access Rules 

B. Access Matrix 

C. Identification controls 
D. Access terminal 


Answer: A 


Explanation: 

Controlling access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up access rules. 
These rules can be classified into three access control models: Mandatory, Discretionary, and Non-Discretionary. 

An access matrix is one of the means used to implement access control. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 
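The access rules and access matrix described in Question 10, and the identity-based DAC of Question 2, can be shown in a few lines of code. The example below is added here; it is not taken from Krutz & Vines or Harris. It models exactly the two rules the explanations state: whoever creates an object becomes its owner, and only the owner may grant or revoke rights for other subjects. The subject names, object names and rights are made up for the example.

```python
"""Identity-based discretionary access control as an access matrix.

Added example (not from the cited study guides). Rows of the matrix are
subjects, columns are objects, cells are sets of rights. The creator of
an object owns it and only the owner can change other subjects' cells.
"""
from collections import defaultdict


class AccessMatrix:
    def __init__(self):
        self.owner = {}                                     # object -> owning subject
        self.rights = defaultdict(lambda: defaultdict(set))  # subject -> object -> {right}

    def create(self, subject: str, obj: str) -> None:
        """Creating an object makes the creator its owner (identifier stored
        with the object, as the explanation for Question 2 describes)."""
        if obj in self.owner:
            raise ValueError(f"{obj} already exists")
        self.owner[obj] = subject
        self.rights[subject][obj] |= {"read", "write", "own"}

    def grant(self, granter: str, subject: str, obj: str, right: str) -> None:
        """DAC rule: access is at the owner's discretion and nobody else's."""
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.rights[subject][obj].add(right)

    def revoke(self, granter: str, subject: str, obj: str, right: str) -> None:
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.rights[subject][obj].discard(right)

    def check(self, subject: str, obj: str, right: str) -> bool:
        """Reference-monitor style lookup: an empty cell means deny."""
        return right in self.rights[subject][obj]

    def acl(self, obj: str) -> dict:
        """One column of the matrix, i.e. the object's access control list."""
        return {s: sorted(r[obj]) for s, r in self.rights.items() if r[obj]}


if __name__ == "__main__":
    m = AccessMatrix()
    m.create("alice", "plan.doc")              # alice is now the owner
    m.grant("alice", "bob", "plan.doc", "read")
    print(m.check("bob", "plan.doc", "read"))  # True
    try:
        m.grant("bob", "mallory", "plan.doc", "read")   # bob may not delegate
    except PermissionError as e:
        print(e)
    print(m.acl("plan.doc"))
```

The `acl()` view is the column of the matrix (an ACL stored with the object); the row `rights[subject]` is the capability-list view. The weakness the model names as "discretionary" is visible here too: nothing stops alice from granting read to anyone she likes, and a program running as alice could do so on her behalf, which is the gap that mandatory (label-based) control closes.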


NEW QUESTION 10 

- (Topic 1) 

Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource 
access? 


A. Smart cards 

B. Single Sign-On (SSO) 

C. Symmetric Ciphers 

D. Public Key Infrastructure (PKI) 


Answer: B 


Explanation: 

The advantages of SSO include the ability to use stronger passwords, easier administration when changing or deleting passwords, a reduced risk of orphan 
accounts, and less time required to access resources. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39. 


NEW QUESTION 15 
- (Topic 1) 
In the Bell-LaPadula model, the Star-property is also called: 


A. The simple security property 
B. The confidentiality property 
C. The confinement property 
D. The tranquility property 


Answer: B 


Explanation: 

The Bell-LaPadula model focuses on data confidentiality and access to classified information, in contrast to the Biba Integrity Model which describes rules for the 
protection of data integrity. 

In this formal model, the entities in an information system are divided into subjects and objects. 

The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby proving 
that the system satisfies the security objectives of the model. 

The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a system. The transition from one state to another state is 
defined by transition functions. 

A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. 

To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the 
combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode. 

The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access 
control (DAC) rule with three security properties: 

The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up). 

The *-property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also 
known as the Confinement property. 

The Discretionary Security Property - use an access control matrix to specify the discretionary access control. 

The transfer of information from a high-sensitivity document to a lower-sensitivity document may happen in the Bell-LaPadula model via the concept of trusted 
subjects. Trusted Subjects are not restricted by the *-property. Untrusted subjects are. 

Trusted Subjects must be shown to be trustworthy with regard to the security policy. This security model is directed toward access control and is characterized by 
the phrase: "no read up, no write down." Compare the Biba model, the Clark-Wilson model and the Chinese Wall. 

With Bell-LaPadula, users can create content only at or above their own security level (i.e. secret researchers can create secret or top-secret files but may not 
create public files; no write-down). Conversely, users can view content only at or below their own security level 
(i.e. secret researchers can view public or secret files, but may not view top-secret files; no read-up). 

Strong *-Property 

The Strong *-Property is an alternative to the *-Property in which subjects may write only to objects with a matching security level. Thus, the write-up operation 
permitted in the usual *-Property is not present, only a write-to-same-level operation. The Strong *-Property is usually discussed in the context of multilevel database 
management systems and is motivated by integrity concerns. 

Tranquility principle 

The tranquility principle of the Bell-LaPadula model states that the classification of a subject or object does not change while it is being referenced. There are two 
forms to the tranquility principle: the "principle of strong tranquility" states that security levels do not change during the normal operation of the system and the 
"principle of weak tranquility" states that security levels do not change in a way that violates the rules of a given security policy. 

Another interpretation of the tranquility principles is that they both apply only to the period of time during which an operation involving an object or subject is 
occurring. That is, the strong tranquility principle means that an object's security level/label will not change during an operation (such as read or write); the weak 
tranquility principle means that an object's security level/label may change in a way that does not violate the security policy during an operation. 

Reference(s) used for this question: http://en.wikipedia.org/wiki/Biba_Model 

http://en.wikipedia.org/wiki/Mandatory_access_control http://en.wikipedia.org/wiki/Discretionary_access_control http://en.wikipedia.org/wiki/Clark-Wilson_model 
http://en.wikipedia.org/wiki/Brewer_and_Nash_model 


NEW QUESTION 17 
- (Topic 1) 
What is the most critical characteristic of a biometric identifying system? 


A. Perceived intrusiveness 
B. Storage requirements 
C. Accuracy 

D. Scalability 


Answer: C 


Explanation: 

Accuracy is the most critical characteristic of a biometric identifying verification system. 

Accuracy is measured in terms of false rejection rate (FRR, or type I errors) and false acceptance rate (FAR, or type II errors). 

The Crossover Error Rate (CER) is the point at which the FRR equals the FAR and has become the most important measure of biometric system accuracy. 
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric 
Identification (page 9). 
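How FRR, FAR and the crossover error rate are actually obtained from a matcher's scores is easier to see in code than in prose. The example below is added here and is not from Tipton & Krause. The genuine and impostor match scores are constructed for illustration (higher means closer to the enrolled template); a real evaluation sweeps the threshold over thousands of comparisons, but the computation is the same.

```python
"""FRR, FAR and the crossover error rate (CER) from match scores.

Added example, not from the cited handbook. Scores are constructed:
a real system would use a large set of genuine and impostor comparisons.
"""
from typing import List, Tuple

# Constructed matcher output, in [0, 1]; higher = better match.
GENUINE_SCORES = [0.35, 0.45, 0.55, 0.65, 0.75, 0.85, 0.95, 0.99]   # true user vs own template
IMPOSTOR_SCORES = [0.01, 0.05, 0.15, 0.25, 0.35, 0.45, 0.55, 0.65]  # other users vs that template


def far(impostor: List[float], threshold: float) -> float:
    """False acceptance rate (type II error): impostors who reach the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine: List[float], threshold: float) -> float:
    """False rejection rate (type I error): legitimate users who fall below it."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_curve(genuine: List[float], impostor: List[float], steps: int = 10):
    """(threshold, FAR, FRR) for thresholds 0.0, 0.1, ..., 1.0."""
    return [(i / steps, far(impostor, i / steps), frr(genuine, i / steps))
            for i in range(steps + 1)]


def crossover(genuine: List[float], impostor: List[float], steps: int = 10) -> Tuple[float, float]:
    """Threshold at which FAR and FRR are closest, and the CER there.
    The CER is reported as the mean of the two rates, which equals both
    when the curves meet exactly."""
    t, a, r = min(error_curve(genuine, impostor, steps),
                  key=lambda row: abs(row[1] - row[2]))
    return t, (a + r) / 2


if __name__ == "__main__":
    for t, a, r in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:.1f}  FAR {a:.3f}  FRR {r:.3f}")
    print("CER at threshold %.1f: %.3f" % crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold above the crossover point drives FAR toward zero at the cost of more false rejections (the usual choice where the biometric guards something sensitive); lowering it does the opposite. The CER is what lets two products be compared independently of where each vendor happens to set its default threshold.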


NEW QUESTION 22 
- (Topic 1) 
Controls to keep password sniffing attacks from compromising computer systems include which of the following? 


A. static and recurring passwords. 
B. encryption and recurring passwords. 
C. one-time passwords and encryption. 
D. static and one-time passwords. 


Answer: C 


Explanation: 

One-time passwords defeat password sniffing because a captured password is no longer valid once it has been used. Encrypting the authentication exchange 
also keeps the password from being captured in the clear. 

The following answers are incorrect: 

static and recurring passwords. This is incorrect because without encryption a sniffer can capture the password, and a password that never changes stays 
valid for the attacker indefinitely. 

encryption and recurring passwords. This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of passwords being 
captured. 

static and one-time passwords. This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the 
risk of passwords being captured. 
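The time-synchronized token of Question 1 and the one-time password of Question 22 are the same mechanism; the standardised form is TOTP (RFC 6238, built on the HOTP function of RFC 4226). The example below is added here and is not from the cited study guides. It uses the RFC 6238 reference parameters (HMAC-SHA1, 30-second step, 8-digit codes) and the RFC's published test secret, so the values it produces can be checked against the RFC's own table. The verifier class, its drift window and its replay check are the example's own design, following the RFC's recommendations rather than any particular product.

```python
"""Time-synchronized one-time passwords (RFC 6238 TOTP).

Added example, not from the cited CISSP references. The token and the
server each derive the same 8-digit value from a shared secret and the
current 30-second time step; the server must therefore hold a clock
close enough to the token's, which is the synchronization Question 1 asks about.
"""
import hashlib
import hmac
import struct

TIME_STEP = 30   # seconds per token value (RFC 6238 default)
DIGITS = 8       # the RFC 6238 test vectors use 8 digits


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the clock."""
    return hotp(secret, unix_time // step)


class TotpVerifier:
    """Server side. Accepts codes from +/- `window` steps around its own
    clock (tolerating drift) and never accepts a step twice, so a code
    captured on the wire cannot be replayed inside the window."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_accepted_step = -1   # per-user state in a real deployment

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // TIME_STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_accepted_step:
                continue                      # already consumed: replay
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    k = b"12345678901234567890"          # RFC 6238 SHA-1 test secret
    print(totp(k, 59))                   # 94287082 in the RFC 6238 table
    v = TotpVerifier(k)
    print(v.verify(totp(k, 59), 89))     # True: one step of drift tolerated
    print(v.verify(totp(k, 59), 89))     # False: same code replayed
```

Two practitioner points follow from the code. The drift window is a trade: each extra step widens the set of codes an attacker who sniffed one could still use, which is why the replay check (RFC 6238 section 5.2 requires that a validated OTP not be accepted a second time) is part of verification and not an optional extra. And the OTP only protects the password; the shared secret and the rest of the session still need the encryption that Question 22 pairs it with.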


NEW QUESTION 24 
- (Topic 1) 
Which of the following is NOT a system-sensing wireless proximity card? 


A. magnetically striped card 
B. passive device 

C. field-powered device 

D. transponder 


Answer: A 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342. 


NEW QUESTION 27 
- (Topic 1) 
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? 


A. The Take-Grant model 

B. The Biba integrity model 

C. The Clark Wilson integrity model 
D. The Bell-LaPadula integrity model 
Answer: C 


Explanation: 

The Clark-Wilson integrity model addresses the three following integrity goals: 1) data is protected from modification by unauthorized users; 2) data is protected 
from unauthorized modification by authorized users; and 3) data is internally and externally consistent. It also defines a Constrained Data Item (CDI), an Integrity 
Verification Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data Item (UDI). The Bell-LaPadula and Take-Grant models are not integrity 
models. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architecture and Models (page 205). 
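The four Clark-Wilson terms are easiest to keep apart when each has a concrete counterpart. The example below is added here and is not from Krutz & Vines. It uses a small account ledger: the balances are the CDIs, transfer() is the only TP certified to modify them, the IVP checks the invariant that total funds never change, and a typed amount is a UDI that must be validated before a TP may use it. The ledger contents, the "teller" subject and the certification table are all made up for the example.

```python
"""Clark-Wilson in code: CDIs, an IVP, a certified TP and a UDI.

Added example, not from the cited guide. Three of the model's rules are
enforced here: only certified (subject, TP) pairs change CDIs, the IVP
is re-run after every TP, and a UDI is validated before it touches a CDI.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Ledger:
    cdis: Dict[str, int] = field(default_factory=dict)   # constrained data items
    log: List[tuple] = field(default_factory=list)      # audit trail written by TPs
    expected_total: int = 0                              # the external-consistency invariant

    def initialise(self, balances: Dict[str, int]) -> None:
        self.cdis = dict(balances)
        self.expected_total = sum(balances.values())

    def ivp(self) -> bool:
        """Integrity verification procedure: every CDI is in a valid state
        (no negative balance) and the invariant still holds."""
        return (all(b >= 0 for b in self.cdis.values())
                and sum(self.cdis.values()) == self.expected_total)


# Certification: which subjects may run which TP (the model's access triples,
# simplified to subject/TP because the TP names the CDIs it touches).
CERTIFIED = {("teller", "transfer")}


def transfer(ledger: Ledger, src: str, dst: str, amount: int) -> None:
    """A well-formed TP: takes the CDI set from one valid state to another."""
    if amount <= 0 or ledger.cdis[src] < amount:
        raise ValueError("transfer would leave a CDI in an invalid state")
    ledger.cdis[src] -= amount
    ledger.cdis[dst] += amount
    ledger.log.append(("transfer", src, dst, amount))


def run_tp(subject: str, tp: Callable, ledger: Ledger, *args) -> bool:
    """Enforcement point. Uncertified subject/TP pairs are refused; after a
    TP runs, the IVP must pass or the change is rolled back."""
    if (subject, tp.__name__) not in CERTIFIED:
        return False
    snapshot = dict(ledger.cdis)
    try:
        tp(ledger, *args)
    except ValueError:
        return False
    if not ledger.ivp():
        ledger.cdis = snapshot
        return False
    return True


def accept_udi(raw: str) -> int:
    """A UDI (user-typed amount) is validated into a form a TP may use;
    anything else is rejected instead of being written to a CDI."""
    if not raw.isdigit():
        raise ValueError("amount must be a non-negative integer")
    return int(raw)


if __name__ == "__main__":
    ledger = Ledger()
    ledger.initialise({"alice": 100, "bob": 50})
    print(run_tp("teller", transfer, ledger, "alice", "bob", accept_udi("30")))  # True
    print(run_tp("customer", transfer, ledger, "alice", "bob", 10))              # False: not certified
    print(ledger.cdis, ledger.ivp())
```

Goal 2 of the model (authorized users cannot make unauthorized modifications) is what the certification table plus run_tp() delivers: the teller can move money but only through the well-formed TP, never by editing a balance directly. If some code does bypass the TP, the IVP is the detective control that catches the resulting inconsistent state.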


NEW QUESTION 29 
- (Topic 1) 
Which of the following access control models is based on sensitivity labels? 


A. Discretionary access control 
B. Mandatory access control 
C. Rule-based access control 
D. Role-based access control 


Answer: B 


Explanation: 

Access decisions are made based on the clearance of the subject and the sensitivity label of the object. 

Example: Eve has a "Secret" security clearance and is able to access the "Mugwump Missile Design Profile" because its sensitivity label is "Secret." She is denied 
access to the "Presidential Toilet Tissue Formula" because its sensitivity label is "Top Secret." 

The other answers are not correct because: 

Discretionary Access Control is incorrect because in DAC access to data is determined by the data owner. For example, Joe owns the "Secret Chili Recipe" and 
grants read access to Charles. 

Role Based Access Control is incorrect because in RBAC access decisions are made based on the role held by the user. For example, Jane has the role "Auditor" 
and that role includes read permission on the "System Audit Log.” 

Rule Based Access Control is incorrect because it is a form of MAC. A good example would be a Firewall where rules are defined and apply to anyone connecting 
through the firewall. 

References: 

Harris, Shon, CISSP All-in-One Exam Guide, 3rd edition, page 164. Official (ISC)2 Guide, page 187. 
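The label comparison behind Question 29's example, and the Bell-LaPadula properties listed in Question 15, reduce to one dominance test over a lattice. The example below is added here and is not from the cited references; it covers both questions. A label dominates another when its level is at least as high and its compartment set contains the other's. The level names follow the usual U.S. scheme; the compartment names, subjects and documents are made up.

```python
"""Bell-LaPadula access checks over a lattice of (level, compartments).

Added example, not from the cited books. Implements the simple security
property (no read up), the *-property (no write down), the strong
*-property (write only at the same level) and the trusted-subject exemption.
"""
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)          # labels never change while referenced (tranquility)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: the subject's clearance must dominate
    the object's classification (no read up)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label, strong_star: bool = False) -> bool:
    """*-property: the object's label must dominate the subject's (no write
    down). The strong *-property only allows writing at the same label."""
    if strong_star:
        return subject == obj
    return obj.dominates(subject)


def can_access(subject: Label, obj: Label, mode: str, trusted: bool = False) -> bool:
    """MAC decision for one access mode. Trusted subjects (e.g. a vetted
    downgrader) are exempt from the *-property but not from no-read-up."""
    if mode == "read":
        return can_read(subject, obj)
    if mode == "write":
        return trusted or can_write(subject, obj)
    raise ValueError(f"unknown access mode {mode!r}")


if __name__ == "__main__":
    eve = Label("Secret")                       # Eve's clearance (Question 29)
    missile = Label("Secret")                   # "Mugwump Missile Design Profile"
    tissue = Label("Top Secret")                # "Presidential Toilet Tissue Formula"
    print(can_read(eve, missile), can_read(eve, tissue))   # True False
    print(can_write(eve, tissue), can_write(eve, Label("Confidential")))  # True False
    analyst = Label("Secret", frozenset({"NUKE"}))
    doc = Label("Secret", frozenset({"NUKE", "CRYPTO"}))
    print(can_read(analyst, doc))               # False: missing the CRYPTO compartment
```

Note what the compartments add: two subjects both cleared "Secret" are not interchangeable, because a label with compartments the subject lacks is not dominated even at the same level. That is the difference between a simple total ordering of levels and the lattice the explanation refers to.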


NEW QUESTION 32 

- (Topic 1) 

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these 
types of controls is correct? 


A. Examples of these types of controls include policies and procedures, securityawareness training, background checks, work habit checks but do not include a 
review of vacation history, and also do not include increased supervision. 

B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols. 

C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. 

D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation 
history, and increased supervision. 


Answer: C 


Explanation: 

Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, 
smart cards, access lists, and transmission protocols. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 35 
- (Topic 1) 
Organizations should consider which of the following first before allowing external access to their LANs via the Internet? 


A. plan for implementing workstation locking mechanisms. 

B. plan for protecting the modem pool. 

C. plan for providing the user with his account usage information. 
D. plan for considering proper authentication options. 


Answer: D 


Explanation: 

Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this includes how you are going to 
authenticate individuals that may access your network externally. 

The following answers are incorrect: 

plan for implementing workstation locking mechanisms. This is incorrect because locking workstations has no bearing on external access to the LAN over the Internet.

plan for protecting the modem pool. This is incorrect because protecting the modem pool has no bearing on external access to the LAN over the Internet; it only protects the modems.

plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While account usage information is useful, the primary concern must be security.


NEW QUESTION 37 
- (Topic 1) 
Which of the following biometric devices has the lowest user acceptance level? 
A. Retina Scan

B. Fingerprint scan 

C. Hand geometry 

D. Signature recognition 


Answer: A 


Explanation: 
According to the cited reference, of the given options the retina scan has the lowest user acceptance level: the user must bring his eye close to the device, which users find unfriendly and intrusive.
However, the retina scan is also the most precise, with about one error per ten million uses. The cited reference presents the comparison in two tables, a biometrics comparison chart and a table of biometric aspect descriptions, which are not reproduced here; they can be viewed at https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy .

Reference(s) used for this question:

RHODES, Keith A., Chief Technologist, United States General Accounting Office, National Preparedness, Technologies to Secure Federal Buildings, April 2002 
(page 10). 

and 

https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy 


NEW QUESTION 39 
- (Topic 1) 
The end result of implementing the principle of least privilege means which of the following? 


A. Users would get access to only the info for which they have a need to know 
B. Users can access all systems. 

C. Users get new privileges added when they change positions. 

D. Authorization creep. 


Answer: A 


Explanation: 

The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access 
any of the files on specific systems. 

The following answers are incorrect: 

Users can access all systems. Although the principle of least privilege limits which systems and what access users are authorized for, not all users have a need to know that would justify access to all systems. The best answer is still that users get access to only the information for which they have a need to know, since some users may not need to access a given system at all.

Users get new privileges when they change positions. Although a user may indeed require new privileges, this is not a given; a user may in fact require fewer privileges in a new position. The principle of least privilege requires that the rights needed for the position be evaluated closely and that rights no longer needed be revoked.

Authorization creep. Authorization creep occurs when users accumulate additional rights with new positions and responsibilities without losing the old ones. The principle of least privilege should actually prevent authorization creep.

The following reference(s) were/was used to create this question: ISC2 OIG 2007 p.101,123 

Shon Harris AIO v3 p.148, 902-903


NEW QUESTION 42 

- (Topic 1) 

Which of the following control pairings include: organizational policies and procedures, pre- employment background checks, strict hiring practices, employment 
agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior 
awareness, and sign-up procedures to obtain access to information systems and networks? 
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing 

C. Preventive/Physical Pairing 

D. Detective/Administrative Pairing 


Answer: A 


Explanation: 

Preventive/Administrative Pairing: these mechanisms include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 43 
- (Topic 1) 
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)?


A. A subject is not allowed to read up. 

B. The *-property restriction can be escaped by temporarily downgrading a high level subject.
C. A subject is not allowed to read down. 

D. It is restricted to confidentiality. 


Answer: C 


Explanation: 

"A subject is not allowed to read down" is NOT a property of the Bell-LaPadula model: a subject may read objects at or below its own level. The other answers are incorrect because:

"A subject is not allowed to read up" is the 'simple security rule' of the Bell-LaPadula model.

The *-property restriction can be escaped by temporarily downgrading a high level subject, or by identifying a set of trusted subjects which are permitted to violate the *-property as long as it is not in the middle of an operation.

It is restricted to confidentiality, as it is a state machine model that enforces the confidentiality aspects of access control.

Reference: Shon Harris AIO v3, Chapter 5: Security Models and Architecture, pages 279-282.


NEW QUESTION 47 
- (Topic 1) 
Guards are appropriate whenever the function required by the security program involves which of the following? 


A. The use of discriminating judgment 

B. The use of physical force 

C. The operation of access control devices 
D. The need to detect unauthorized access 


Answer: A 


Explanation: 

The use of discriminating judgment: a guard can make determinations that hardware or other automated security devices cannot, thanks to the ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security program.

The following answers are incorrect: 

The use of physical force. This is not the best answer. A guard provides discriminating judgment, including the ability to discern the need for physical force.

The operation of access control devices. A guard is often uninvolved in the operation of an automated access control device such as a biometric reader, a smart lock, a mantrap, etc.

The need to detect unauthorized access. The primary function of a guard is not to detect unauthorized access but to prevent unauthorized physical access attempts; a guard may also deter social engineering attempts.

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: 
Physical security (page 339). 

Source: ISC2 Official Guide to the CBK, pages 288-289.


NEW QUESTION 48 
- (Topic 1) 
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ? 


A. TCSEC 
B. ITSEC 

C. DIACAP 
D. NIACAP 


Answer: A 


Explanation: 

TCSEC. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.

Initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and updated in 1985, TCSEC has since been superseded by the Common Criteria international standard (ISO/IEC 15408).

References: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199. 

Wikipedia http://en.wikipedia.org/wiki/TCSEC


NEW QUESTION 52 
- (Topic 1) 
For maximum security design, what type of fence is the most effective and cost-effective method (heights below are in feet)?


A. 3' to 4' high 

B. 6' to 7' high 

C. 8' high and above with strands of barbed wire 
D. Double fencing 


Answer: D 


Explanation: 

The most commonly used fence is the chain linked fence and it is the most affordable. The standard is a six-foot high fence with two-inch mesh square openings. 
The material should consist of nine-gauge vinyl or galvanized metal. Nine-gauge is a typical fence material installed in residential areas. 

Additionally, it is recommended to place barbed wire strands angled out from the top of the fence at a 45-degree angle and away from the protected area, with three strands running across the top. This will provide for a seven-foot fence. There are several variations of the use of "top guards" using V-shaped barbed wire or the use of concertina wire as an enhancement, which has been a replacement for more traditional three-strand barbed wire "top guards."

The fence should be fastened to rigid metal posts set in concrete every six feet with additional bracing at the corners and gate openings. The bottom of the fence should be stabilized against intruders crawling under by attaching posts along the bottom to keep the fence from being pushed or pulled up from the bottom. If the soil is sandy, the bottom edge of the fence should be installed below ground level.

For maximum security design, the use of double fencing with rolls of concertina wire positioned between the two fences is the most effective deterrent and cost- 
efficient method. In this design, an intruder is required to use an extensive array of ladders and equipment to breach the fences. 

Most fencing is largely a psychological deterrent and a boundary marker rather than a barrier, because in most cases such fences can be rather easily penetrated 
unless added security measures are taken to enhance the security of the fence. Sensors attached to the fence to provide electronic monitoring of cutting or scaling 
the fence can be used. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 24416-24431). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 57 
- (Topic 1) 
What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? 


A. Authentication 
B. Identification 
C. Integrity 

D. Confidentiality 


Answer: A 


Explanation: 
Authentication is verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 59 
- (Topic 1) 
When submitting a passphrase for authentication, the passphrase is converted into ... 


A. a virtual password by the system 

B. a new passphrase by the system 

C. a new passphrase by the encryption technology 

D. a real password by the system which can be used forever


Answer: A 


Explanation: 

Passwords can be compromised and must be protected. In the ideal case a password is used only once (a one-time password); at the other extreme a static password is never changed. Password-change policies fall between these two extremes.

Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password's frequency of use.

Obviously, the more times a password is used, the more chance there is of it being compromised.

It is recommended to use a passphrase instead of a password, since a passphrase is more resistant to guessing attacks. The passphrase is converted into a virtual password by the system. Often the passphrase exceeds the maximum password length supported by the system, so the system must transform it into a virtual password of acceptable length.

Reference(s) used for this question: http://www.itl.nist.gov/fipspubs/fip112.htm

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36 & 37. 
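To make the passphrase-to-virtual-password step concrete, here is an added Python example; it is not code from FIPS 112 or from the cited guide. It contrasts two ways a system could fit a long passphrase into an 8-character password field: plain truncation, under which two passphrases that share their first 8 characters become indistinguishable, and a one-way hash-based transformation, under which every character of the passphrase matters. The 8-character limit, the allowed character set and the function names are assumptions made for the illustration.

```python
import hashlib
import string

# Assumed maximum password length the legacy system accepts (illustrative).
MAX_PASSWORD_LEN = 8

# Assumed character set the legacy password field allows (illustrative).
ALLOWED_CHARS = string.ascii_letters + string.digits


def truncate_to_virtual_password(passphrase: str) -> str:
    """Naive conversion: keep only the first MAX_PASSWORD_LEN characters.

    Everything after the cut-off is ignored, so two passphrases that share
    their first MAX_PASSWORD_LEN characters become the same virtual password.
    """
    return passphrase[:MAX_PASSWORD_LEN]


def hash_to_virtual_password(passphrase: str) -> str:
    """One-way conversion: hash the whole passphrase, then map the digest
    onto MAX_PASSWORD_LEN characters drawn from ALLOWED_CHARS.

    Every character of the passphrase influences the result, so passphrases
    that differ only after position MAX_PASSWORD_LEN still map differently
    (barring a hash collision). The byte-to-character mapping below is an
    illustrative encoding (slightly biased), not a standardised one.
    """
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return "".join(
        ALLOWED_CHARS[b % len(ALLOWED_CHARS)] for b in digest[:MAX_PASSWORD_LEN]
    )


def collides(convert, a: str, b: str) -> bool:
    """True if two distinct passphrases yield the same virtual password."""
    return a != b and convert(a) == convert(b)


# Constructed sample passphrases: identical for their first 8 characters.
PHRASE_A = "correct horse battery staple"
PHRASE_B = "correct horse battery STAPLE!"

if __name__ == "__main__":
    for name, fn in (("truncate", truncate_to_virtual_password),
                     ("hash", hash_to_virtual_password)):
        print(f"{name:8s} A={fn(PHRASE_A)!r} B={fn(PHRASE_B)!r} "
              f"collide={collides(fn, PHRASE_A, PHRASE_B)}")
```

Run it and the truncating conversion reports a collision for the two sample phrases while the hash-based one does not. The takeaway for a practitioner: a system that silently truncates long secrets is weaker than its advertised length suggests, so check what your authentication backend actually does with input beyond its maximum.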


NEW QUESTION 63 
- (Topic 1) 
Which of the following statements pertaining to access control is false? 


A. Users should only access data on a need-to-know basis. 

B. If access is not explicitly denied, it should be implicitly allowed. 

C. Access rights should be granted based on the level of trust a company has on a subject. 
D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks. 


Answer: B


Explanation:

Access control mechanisms should default to no access to provide the necessary level of security and ensure that no security holes go unnoticed. If access is not explicitly allowed, it should be implicitly denied.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, Chapter 4: Access Control (page 143). 


NEW QUESTION 64
- (Topic 1) 
The Orange Book is founded upon which security policy model? 


A. The Biba Model 

B. The Bell LaPadula Model 
C. Clark-Wilson Model 

D. TEMPEST 


Answer: B 


Explanation: 

From the glossary of Computer Security Basics: 

The Bell-LaPadula model is the security policy model on which the Orange Book requirements are based. From the Orange Book definition, "A formal state 
transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into 
abstract sets of subjects and objects. The notion of secure state is defined and it is proven that each state transition preserves security by moving from secure 
state to secure state; thus, inductively proving the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to 
objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is 
compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode." 

The Biba Model is an integrity model of computer security policy that describes a set of rules. In this model, a subject may not depend on any object or other 
subject that is less trusted than itself. 

The Clark-Wilson Model is an integrity model for computer security policy designed for a commercial environment. It addresses such concepts as nondiscretionary access control, privilege separation, and least privilege.

TEMPEST is a government program that prevents the compromising electrical and electromagnetic signals that emanate from computers and related equipment from being intercepted and deciphered.

Source: RUSSELL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991.

Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD, December 1985.
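An added illustration of the rules quoted above (and of the properties listed in NEW QUESTION 43), not taken from the Orange Book or from Computer Security Basics: the Python below represents a clearance or classification as a sensitivity level plus a set of categories, defines the dominance relation between two labels, and enforces the simple security property (no read up) and the *-property (no write down). The level names, category names and sample labels are assumptions.

```python
from dataclasses import dataclass, field
from typing import FrozenSet

# Assumed ordered sensitivity levels (illustrative; only the ordering matters).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of categories.

    A clearance (for subjects) and a classification (for objects) have the
    same shape; the categories carry the need-to-know part of the label.
    """
    level: str
    categories: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: a higher-or-equal level AND a
        superset of the other label's categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject's clearance
    must dominate the object's classification. Reading down is allowed."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object's classification must
    dominate the subject's clearance, so information cannot flow to a
    lower level. Writing up (a blind append) is allowed."""
    return obj.dominates(subject)


def can_read_write(subject: Label, obj: Label) -> bool:
    """Read/write access needs both properties, which in a lattice means
    the two labels are equal."""
    return can_read(subject, obj) and can_write(subject, obj)


# Constructed sample labels.
ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
TS_FILE = Label("TOP SECRET", frozenset({"CRYPTO"}))
CONF_FILE = Label("CONFIDENTIAL", frozenset())
SECRET_CRYPTO_FILE = Label("SECRET", frozenset({"CRYPTO"}))
SECRET_NUCLEAR_FILE = Label("SECRET", frozenset({"NUCLEAR"}))

if __name__ == "__main__":
    checks = [
        ("read TOP SECRET file (read up)", can_read(ANALYST, TS_FILE)),
        ("read CONFIDENTIAL file (read down)", can_read(ANALYST, CONF_FILE)),
        ("write CONFIDENTIAL file (write down)", can_write(ANALYST, CONF_FILE)),
        ("write TOP SECRET file (write up)", can_write(ANALYST, TS_FILE)),
        ("read SECRET/NUCLEAR file (same level, no need to know)",
         can_read(ANALYST, SECRET_NUCLEAR_FILE)),
        ("read+write SECRET/CRYPTO file (equal labels)",
         can_read_write(ANALYST, SECRET_CRYPTO_FILE)),
    ]
    for what, ok in checks:
        print(f"{'ALLOW' if ok else 'DENY ':5s} {what}")
```

Reading down and writing up are permitted, read up and write down are refused, and a same-level object in a category the subject lacks is refused as well, which is the need-to-know part of the label. Because read and write require dominance in opposite directions, read/write access is only possible when the two labels are equal.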


NEW QUESTION 67 
- (Topic 1) 
Which of the following questions is less likely to help in assessing physical access controls? 


A. Does management regularly review the list of persons with physical access to sensitive facilities? 

B. Is the operating system configured to prevent circumvention of the security software and application controls? 
C. Are keys or other access devices needed to enter the computer room and media library? 

D. Are visitors to sensitive areas signed in and escorted? 


Answer: B 


Explanation: 

Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting 
infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical access controls except for the 
one regarding operating system configuration, which is a logical access control. 

Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self- Assessment Guide for Information Technology Systems, November 2001 (Pages 
A-21 to A-24). 


NEW QUESTION 71 
- (Topic 1) 
Which of the following is an example of discretionary access control? 


A. ldentity-based access control 
B. Task-based access control 
C. Role-based access control 
D. Rule-based access control 


Answer: A 


Explanation: 

An identity-based access control is an example of discretionary access control that is based on an individual's identity. Identity-based access control (IBAC) is 
access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to 
specific objects are assigned based on user identity. 

Rule Based Access Control (RuBAC) and Role Based Access Control (RBAC) are examples of non-discretionary access controls.

Rule-based access control is a type of non-discretionary access control because access is determined by rules, and the subject does not decide what those rules will be; the rules are uniformly applied to ALL users or subjects.

In general, all access control policies other than DAC are grouped in the category of non- discretionary access control (NDAC). As the name implies, policies in 
this category have rules that are not established at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by users, but 
only through administrative action. 

Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall within Non-Discretionary Access Control (NDAC). If it is not DAC or MAC then it is most likely NDAC.

BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES: 

MAC = Mandatory Access Control

Under a mandatory access control environment, the system or security administrator defines what permissions subjects have on objects. The administrator does not dictate users' access but simply configures the proper level of access as dictated by the Data Owner.

The MAC system looks at the security clearance of the subject and compares it with the sensitivity (classification) level of the object. This is what is called the dominance relationship.

The subject must DOMINATE the object's sensitivity level, which means that the subject must have a security clearance equal to or higher than that of the object he is attempting to access.

MAC also introduces the concept of labels. Every object has a label attached indicating its classification as well as the categories that are used to impose the need-to-know (NTK) principle. Even though a user has a security clearance of Secret, it does not mean he would be able to access every Secret document within the system. He would be allowed to access only Secret documents for which he has a need to know, formal approval, and for which he belongs to one of the categories attached to the object.

If there is no clearance and no labels then IT IS NOT Mandatory Access Control.

Many of the other models can mimic MAC, but none of them have labels and a dominance relationship, so they are NOT in the MAC category.

DAC = Discretionary Access Control

DAC is also known as an identity-based access control system.

The owner of an object is defined as the person who created the object. As such, the owner has the discretion to grant access to other users on the network. Access is granted based solely on the identity of those users.

Such a system is suitable only for a low level of security. One of the major problems is that a user who has access to someone else's file can further share its contents with other users without the knowledge or permission of the owner of the file. Very quickly this could become the wild west, as there is no control over the dissemination of the information.

RBAC = Role Based Access Control

RBAC is a form of non-discretionary access control.

Role based access control usually maps directly to the different types of jobs performed by employees within a company.

For example, there might be 5 security administrators within your company. Instead of creating each of their profiles one by one, you would simply create a role and assign the administrators to it. Once an administrator has been assigned to a role, he IMPLICITLY inherits the permissions of that role.

RBAC is a great tool for environments with a large rotation of employees on a daily basis, such as a very large help desk.

RuBAC = Rule Based Access Control

RuBAC is a form of non-discretionary access control.

A good example of a rule based access control device would be a firewall. A single set of rules is imposed on all users attempting to connect through the firewall.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.

and NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf

and http://itlaw.wikia.com/wiki/Identity-based_access_control
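An added Python sketch, not taken from any of the sources cited above, that puts the three categories just described side by side and also shows the default-deny rule from NEW QUESTION 63 and the least-privilege point from NEW QUESTION 39: a DAC object whose owner alone grants access, an RBAC layer in which a change of position replaces the role set instead of adding to it, and a rule-based filter applied to every connection in the same way. Object names, roles, permission strings and firewall rules are all invented for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


class AccessDenied(Exception):
    """Raised when a subject attempts something the policy does not allow."""


# ---- DAC: the owner of an object decides who may access it ----
@dataclass
class DacObject:
    name: str
    owner: str
    # Identity -> granted permissions. Starts empty, so access that is not
    # explicitly allowed is implicitly denied (the default-deny rule).
    acl: Dict[str, Set[str]] = field(default_factory=dict)

    def grant(self, granter: str, subject: str, perm: str) -> None:
        """Only the owner may extend the ACL; that is the owner's discretion."""
        if granter != self.owner:
            raise AccessDenied(f"{granter} is not the owner of {self.name}")
        self.acl.setdefault(subject, set()).add(perm)

    def allowed(self, subject: str, perm: str) -> bool:
        """Access is decided purely on the subject's identity."""
        return subject == self.owner or perm in self.acl.get(subject, set())


# ---- RBAC: permissions attach to roles, users are assigned roles ----
# Assumed role definitions for the illustration.
ROLE_PERMS: Dict[str, Set[str]] = {
    "helpdesk": {"ticket:read", "ticket:update", "password:reset"},
    "payroll": {"salary:read", "salary:update"},
    "auditor": {"salary:read", "ticket:read"},
}


@dataclass
class Rbac:
    assignments: Dict[str, Set[str]] = field(default_factory=dict)

    def assign(self, user: str, role: str) -> None:
        self.assignments.setdefault(user, set()).add(role)

    def change_position(self, user: str, new_roles: Set[str]) -> None:
        """Least privilege on a job change: REPLACE the user's roles rather
        than adding to them. Accumulating roles across positions is what
        the text calls authorization creep."""
        self.assignments[user] = set(new_roles)

    def permissions(self, user: str) -> Set[str]:
        perms: Set[str] = set()
        for role in self.assignments.get(user, set()):
            perms |= ROLE_PERMS.get(role, set())
        return perms

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.permissions(user)


# ---- RuBAC: one rule set applied uniformly to every subject (a firewall) ----
# (source prefix, destination port, action); first match wins. The "any"
# prefix or port 0 matches everything, and with no match the default is deny.
FIREWALL_RULES: Tuple[Tuple[str, int, str], ...] = (
    ("10.0.0.", 443, "allow"),
    ("10.0.0.", 22, "allow"),
    ("any", 0, "deny"),
)


def firewall_allows(src_ip: str, dst_port: int) -> bool:
    for prefix, port, action in FIREWALL_RULES:
        if (prefix == "any" or src_ip.startswith(prefix)) and port in (0, dst_port):
            return action == "allow"
    return False  # no rule matched: implicit deny


if __name__ == "__main__":
    doc = DacObject("budget.xlsx", owner="alice")
    doc.grant("alice", "bob", "read")
    print("bob may read budget.xlsx:", doc.allowed("bob", "read"))
    try:
        doc.grant("bob", "carol", "read")  # bob is not the owner
    except AccessDenied as exc:
        print("denied:", exc)

    rbac = Rbac()
    rbac.assign("dave", "helpdesk")
    rbac.change_position("dave", {"payroll"})
    print("dave can still reset passwords:", rbac.allowed("dave", "password:reset"))

    print("10.0.0.7 -> 443 allowed:", firewall_allows("10.0.0.7", 443))
    print("192.168.1.5 -> 443 allowed:", firewall_allows("192.168.1.5", 443))
```

The RBAC case is the one to watch: if change_position added roles instead of replacing them, dave would keep password:reset after moving to payroll, which is exactly the authorization creep the text warns about.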


NEW QUESTION 75 

- (Topic 1) 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: 


A. Lower False Rejection Rate (FRR) 
B. Higher False Rejection Rate (FRR) 
C. Higher False Acceptance Rate (FAR) 
D. It will not affect either FAR or FRR 


Answer: B 


Explanation: 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has a higher False Rejection Rate (FRR).

Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the Crossover Error Rate (CER) is used. The CER is the point at which the false rejection rate and the false acceptance rate are equal. The lower the value of the CER, the more accurate the system.

There are three categories of biometric accuracy measurement (all represented as percentages): 

False Reject Rate (a Type I Error): When authorized users are falsely rejected as unidentified or unverified.

False Accept Rate (a Type II Error): When unauthorized persons or imposters are falsely accepted as authentic. 

Crossover Error Rate (CER): The point at which the false rejection rates and the false acceptance rates are equal. The smaller the value of the CER, the more 
accurate the system. 

NOTE: 

Within the ISC2 book they make use of the terms Accept or Acceptance and also Reject or Rejection when referring to the types of errors within biometrics. Below we make use of Acceptance and Rejection throughout the text for consistency. However, on the real exam you could see either of the terms.

Performance of biometrics 

Different metrics can be used to rate the performance of a biometric factor, solution or application. The most common performance metrics are the False 
Acceptance Rate FAR and the False Rejection Rate FRR. 

When using a biometric application for the first time, the user needs to enroll in the system. The system requests fingerprints, a voice recording or another biometric factor from the person enrolling; this input is registered in the database as a template which is linked internally to a user ID. The next time the user wants to authenticate or identify himself, the biometric input he provides is compared to the template(s) in the database by a matching algorithm, which responds with acceptance (match) or rejection (no match).

FAR and FRR 

The FAR or False Acceptance rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input 
with a valid template. The FAR is normally expressed as a percentage, following the FAR definition this is the percentage of invalid inputs which are incorrectly 
accepted. 

The FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input 
provided by the user with a stored template. The FRR is normally expressed as a percentage, following the FRR definition this is the percentage of valid inputs 
which are incorrectly rejected. 

FAR and FRR are very much dependent on the biometric factor that is used and on the technical implementation of the biometric solution. Furthermore, the FRR is strongly person dependent; a personal FRR can be determined for each individual.

Take this into account when determining the FRR of a biometric solution: one person is insufficient to establish an overall FRR for a solution. FRR might also increase due to environmental conditions or incorrect use, for example when using dirty fingers on a fingerprint reader. Mostly the FRR decreases as a user gains more experience in how to use the biometric device or software.

FAR and FRR are key metrics for biometric solutions; some biometric devices or software even allow them to be tuned so that the system matches or rejects more readily. Both FRR and FAR are important, but for most applications one of them is considered most important. Two examples to illustrate this:

When biometrics are used for logical or physical access control, the objective of the application is to disallow access to unauthorized individuals under all 
circumstances. It is clear that a very low FAR is needed for such an application, even if it comes at the price of a higher FRR. 

When surveillance cameras are used to screen a crowd of people for missing children, the objective of the application is to identify any missing children that come 
up on the screen. When the identification of those children is automated using a face recognition software, this software has to be set up with a low FRR. As such 
a higher number of matches will be false positives, but these can be reviewed quickly by surveillance personnel. 

False Acceptance Rate is also called False Match Rate, and False Rejection Rate is sometimes referred to as False Non-Match Rate. 

[Graph of FAR and FRR plotted against the sensitivity threshold, with the crossover error rate at their intersection; image not reproduced.]

CER

The Crossover Error Rate or CER is the rate at which FAR and FRR are equal.

The matching algorithm in biometric software or a device uses a (configurable) threshold which determines how close to a template the input must be for it to be considered a match. This threshold value is in some cases referred to as sensitivity; it is marked on the X axis of the plot. When you reduce this threshold there will be more false acceptance errors (higher FAR) and fewer false rejection errors (lower FRR); a higher threshold will lead to lower FAR and higher FRR.

Speed 

Most manufacturers of biometric devices and software can give clear numbers on the time it takes to enroll as well as the time for an individual to be authenticated or identified using their application. If speed is important then take your time to consider this: 5 seconds might seem a short time on paper or when testing a device, but if hundreds of people will use the device multiple times a day the cumulative loss of time might be significant.

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third 

Edition ((ISC)2 Press) (Kindle Locations 2723-2731). Auerbach Publications. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

http://www.biometric-solutions.com/index.php?story=performance_biometrics


NEW QUESTION 77 
- (Topic 1) 
Which of the following is true about Kerberos? 


A. It utilizes public key cryptography. 

B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. 
C. It depends upon symmetric ciphers. 

D. It is a second party authentication system. 


Answer: C 


Explanation: 

Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol, designed and developed at MIT in the mid 1980s. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret key, which is derived from the user's password and used to encrypt and decrypt the session keys.

The following answers are incorrect: 

It utilizes public key cryptography. Incorrect because Kerberos depends on secret keys (symmetric ciphers).

It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Incorrect because the passwords are never sent over the network; they are used locally to derive the key that encrypts and decrypts the session keys.

It is a second party authentication system. Incorrect because Kerberos is a third party authentication system: you authenticate to the third party (the Kerberos KDC) and not to the system you are accessing.

References: 

MIT http://web.mit.edu/kerberos/ 

Wikipedia http://en.wikipedia.org/wiki/Kerberos_%28protocol%29

OIG CBK Access Control (pages 181-184); AIOv3 Access Control (pages 151-155)


NEW QUESTION 82 
- (Topic 1) 
Which type of control is concerned with avoiding occurrences of risks? 


A. Deterrent controls 

B. Detective controls 

C. Preventive controls 

D. Compensating controls 


Answer: C 


Explanation: 

Preventive controls are concerned with avoiding occurrences of risks, while deterrent controls are concerned with discouraging violations. Detective controls identify occurrences, and compensating controls are alternative controls used to compensate for weaknesses in other controls. Supervision is an example of a compensating control.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


NEW QUESTION 87 
- (Topic 1) 
What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? 
A. False Rejection Rate (FRR) or Type I Error

B. False Acceptance Rate (FAR) or Type II Error 
C. Crossover Error Rate (CER) 

D. Failure to enroll rate (FTE or FER) 


Answer: C 


Explanation: 

The percentage at which the False Rejection Rate equals the False Acceptance Rate is called the Crossover Error Rate (CER). Another name for the CER is the Equal Error Rate (EER); either term may be used.

Equal error rate or crossover error rate (EER or CER) 

It is the rate at which both accept and reject errors are equal. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, 
the device with the lowest EER is most accurate. 

The other choices were all wrong answers: 

The following are used as performance metrics for biometric systems: 

false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the 
database. It measures the percent of invalid inputs which are incorrectly accepted. This is when an impostor would be accepted by the system. 

False reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. This is when a valid company employee would be rejected by the system.

Failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality inputs.

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 

and https://en.wikipedia.org/wiki/Biometrics 


NEW QUESTION 90 
- (Topic 1) 
Kerberos can prevent which one of the following attacks? 


A. tunneling attack. 

B. playback (replay) attack. 
C. destructive attack. 

D. process attack. 


Answer: B 


Explanation: 

Each ticket in Kerberos carries a timestamp and a lifetime, and the authenticator a client presents with a ticket carries a fresh timestamp of its own. A service 
rejects an authenticator whose timestamp falls outside the permitted clock skew and, inside that window, one it has already accepted. This is what limits the 
playback (replay) of captured traffic. 

The following answers are incorrect: 

tunneling attack. This is incorrect because a tunneling attack is an attempt to bypass security and access low-level systems. Kerberos cannot totally prevent these 
types of attacks. 

destructive attack. This is incorrect because, depending on the type of destructive attack, Kerberos cannot prevent someone from physically destroying a server. 

process attack. This is incorrect because Kerberos cannot prevent authorized individuals from running processes. 
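A simplified model of the two checks described above, added here as an illustration and not taken from the page or from any Kerberos implementation. The HMAC stands in for the encryption real Kerberos applies to the authenticator under the ticket's session key (ASN.1 encoding is omitted), the 300-second skew is a commonly used default rather than a protocol constant, and the principal name and key are made up.

```python
"""Simplified model of how a Kerberos service validates a client authenticator.

Constructed illustration: the authenticator is a JSON body protected with an
HMAC under a shared symmetric session key. Real Kerberos encrypts it with the
ticket's session key; the freshness and replay logic is the point here."""
import hashlib
import hmac
import json

CLOCK_SKEW_SECONDS = 300   # common default: authenticators more than 5 min off are rejected
TAG_LEN = hashlib.sha256().digest_size


class AuthenticatorError(Exception):
    """Base class for a rejected authenticator."""


class IntegrityError(AuthenticatorError):
    """Tag does not verify: forged or tampered authenticator."""


class SkewError(AuthenticatorError):
    """Timestamp lies outside the permitted clock skew."""


class ReplayError(AuthenticatorError):
    """Identical authenticator already accepted inside the skew window."""


def make_authenticator(session_key: bytes, client: str, ctime: int, cusec: int) -> bytes:
    """Client side: principal name, seconds and microseconds, plus a keyed tag."""
    body = json.dumps({"client": client, "ctime": ctime, "cusec": cusec},
                      sort_keys=True).encode()
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    return body + tag


class ServiceVerifier:
    """Service side: holds the session key and a replay cache of accepted authenticators."""

    def __init__(self, session_key: bytes, skew: int = CLOCK_SKEW_SECONDS):
        self.session_key = session_key
        self.skew = skew
        self.replay_cache = set()   # (client, ctime, cusec) still inside the window

    def _purge(self, now: int) -> None:
        # Once an authenticator's ctime is older than now - skew it can no longer
        # pass the timestamp check, so its cache entry is no longer needed.
        # Purging on ctime (not on acceptance time) keeps a future-dated
        # authenticator in the cache for as long as it would still be accepted.
        self.replay_cache = {k for k in self.replay_cache if now - k[1] <= self.skew}

    def verify(self, authenticator: bytes, now: int) -> str:
        """Return the client principal if the authenticator is fresh and unseen, else raise."""
        body, tag = authenticator[:-TAG_LEN], authenticator[-TAG_LEN:]
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError("authenticator failed integrity check")
        auth = json.loads(body)
        if abs(now - auth["ctime"]) > self.skew:
            raise SkewError("authenticator timestamp outside clock skew")
        self._purge(now)
        key = (auth["client"], auth["ctime"], auth["cusec"])
        if key in self.replay_cache:
            raise ReplayError("authenticator replayed")
        self.replay_cache.add(key)
        return auth["client"]


if __name__ == "__main__":
    key = b"constructed-session-key"      # would come from the service ticket
    svc = ServiceVerifier(key)
    auth = make_authenticator(key, "alice@EXAMPLE.COM", ctime=1_700_000_000, cusec=17)
    print("accepted:", svc.verify(auth, now=1_700_000_005))
    try:
        svc.verify(auth, now=1_700_000_020)   # same bytes presented again
    except ReplayError as err:
        print("rejected:", err)
```

The timestamp check alone is not enough: inside the skew window a captured authenticator is still "fresh", which is why the replay cache exists. Entries are purged by their own ctime rather than by the time they were accepted, so an authenticator dated slightly in the future stays cached until it would also fail the skew check.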


NEW QUESTION 93 
- (Topic 1) 
What is called a sequence of characters that is usually longer than the allotted number for a password? 


A. passphrase 

B. cognitive phrase 
C. anticipated phrase 
D. Real phrase 


Answer: A 


Explanation: 
A passphrase is a sequence of characters that is usually longer than the allotted number for a password. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37. 


NEW QUESTION 96 
- (Topic 1) 
Which of the following is not a logical control when implementing logical access security? 


A. access profiles. 

B. userids. 

C. employee badges. 
D. passwords. 


Answer: C 


Explanation: 

Employee badges are considered Physical so would not be a logical control. The following answers are incorrect: 

userids. Is incorrect because userids are a type of logical control. 

access profiles. Is incorrect because access profiles are a type of logical control. 

passwords. Is incorrect because passwords are a type of logical control. 


NEW QUESTION 99 
- (Topic 1) 
What does the simple integrity axiom mean in the Biba model? 
A. No write down 
B. No read down 
C. No read up 
D. No write up 


Answer: B 


Explanation: 

The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity 
(no read down). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 101 
- (Topic 1) 
Which of the following is NOT a compensating measure for access violations? 


A. Backups 

B. Business continuity planning 
C. Insurance 

D. Security awareness 


Answer: D 


Explanation: 

Security awareness is a preventive measure, not a compensating measure for access violations. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 50). 


NEW QUESTION 105 
- (Topic 1) 
Which of the following access control models requires defining classification for objects? 


A. Role-based access control 

B. Discretionary access control 
C. Identity-based access control 
D. Mandatory access control 


Answer: D 


Explanation: 

With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance, and 
the classification of objects. 

The Following answers were incorrect: 

Identity-based Access Control is a type of Discretionary Access Control (DAC), they are synonymous. 

Role Based Access Control (RBAC) and Rule Based Access Control (RUBAC or RBAC) are types of Non Discretionary Access Control (NDAC). 

Tip: 

When you have two answers that are synonymous they are not the right choice for sure. 

There is only one access control model that makes use of labels, clearances, and categories: Mandatory Access Control. None of the others makes use of 
those items. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 33). 


NEW QUESTION 106 
- (Topic 1) 
Which of the following is NOT part of the Kerberos authentication protocol? 


A. Symmetric key cryptography 
B. Authentication service (AS) 
C. Principals 

D. Public Key 


Answer: D 


Explanation: 

There is no such component within the base Kerberos protocol. Kerberos as specified in RFC 4120 uses only symmetric encryption and does not make use of any public key component. (The PKINIT extension, RFC 4556, adds public-key credentials for the initial AS exchange, but that is an optional extension rather than part of the core protocol the question asks about.) 
The other answers are incorrect because : 

Symmetric key cryptography is a part of Kerberos as the KDC holds all the users' and 

services’ secret keys. 

Authentication service (AS) : KDC (Key Distribution Center) provides an authentication service 

Principals: the Key Distribution Center provides services to principals, which can be users, applications or network services. 

References: Shon Harris , AIO v3 , Chapter - 4: Access Control , Pages : 152-155. 


NEW QUESTION 111 
- (Topic 1) 
What is one disadvantage of content-dependent protection of information? 


A. It increases processing overhead. 
B. It requires additional password entry. 
C. It exposes the system to data locking. 
D. It limits the user's individual address space. 


Answer: A 


Explanation: 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 113 
- (Topic 1) 
The following is NOT a security characteristic we need to consider while choosing a biometric identification systems: 


A. data acquisition process 
B. cost 

C. enrollment process 

D. speed and user interface 


Answer: B 


Explanation: 

Cost is a factor when considering Biometrics but it is not a security characteristic. 

All the other answers are incorrect because they are security characteristics related to Biometrics. 

data acquisition process can cause a security concern because if the process is not fast and efficient it can discourage individuals from using the process. 
enrollment process can cause a security concern because the enrollment process has to be quick and efficient. This process captures data for authentication. 
speed and user interface can cause a security concern because this also impacts the users acceptance rate of biometrics. If they are not comfortable with the 
interface and speed they might sabotage the devices or otherwise attempt to circumvent them. 

References: 

OIG Access Control (Biometrics) (pgs 165-167) 

From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Pages 5-6. 

in process of correction 


NEW QUESTION 118 
- (Topic 1) 
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? 


A. Illuminated at nine feet high with at least three foot-candles 
B. Illuminated at eight feet high with at least three foot-candles 
C. Illuminated at eight feet high with at least two foot-candles 
D. Illuminated at nine feet high with at least two foot-candles 


Answer: C 


Explanation: 

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet 
high with at least two foot-candles. 

It can also be referred to as illuminating to a height of eight feet, with a BRIGHTNESS of two foot-candles. 

One footcandle ≈ 10.764 lux. The footcandle (or lumen per square foot) is a non-SI unit of illuminance. Like the BTU, it is obsolete but it is still in fairly common use 
in the United States, particularly in construction-related engineering and in building codes. Because lux and footcandles are different units of the same quantity, it 
is perfectly valid to convert footcandles to lux and vice versa. 

The name "footcandle" conveys "the illuminance cast on a surface by a one-candela source one foot away." As natural as this sounds, this style of name is now 
frowned upon, because the dimensional formula for the unit is not foot * candela, but lumens per square foot. 

Some sources do however note that the "lux" can be thought of as a "metre-candle" (i.e. the illuminance cast on a surface by a one-candela source one meter 
away). A source that is farther away casts less illumination than one that is close, so one lux is less illuminance than one footcandle. Since illuminance follows the 
inverse-square law, and since one foot = 0.3048 m, one lux = 0.3048^2 footcandle ≈ 1/10.764 footcandle. 

TIPS FROM CLEMENT: 

Illuminance (light level) - the amount of light, measured in foot-candles (US unit), that falls on a surface, either horizontal or vertical. 

Parking lots lighting needs to be an average of 2 foot candles; uniformity of not more than 3:1, no area less than 1 fc. 

All illuminance measurements are to be made on the horizontal plane with a certified light meter calibrated to NIST standards using traceable light sources. 

The CISSP Exam Cram 2 from Michael Gregg says: Lighting is a commonly used form of perimeter protection. 

Some studies have found that up to 80% of criminal acts at businesses and shopping centers happen in adjacent parking lots. Therefore, it's easy to see why 
lighting can be such an important concern. 

Outside lighting discourages prowlers and thieves. 

The National Institute of Standards and Technologies (NIST) states that, for effective perimeter control, buildings should be illuminated 8 feet high, with 2-foot 
candle power. 

Reference used for this question: 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 325. 

and 

Shon's AIO v5 pg 459 and 

http://en.wikipedia.org/wiki/Foot-candle 


NEW QUESTION 122 
- (Topic 1) 
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? 


A. Type I error 

B. Type II error 

C. Type III error 
D. Crossover error 


Answer: B 


Explanation: 

When the biometric system accepts impostors who should have been rejected, it is called a Type II error or False Acceptance Rate or False Accept Rate. 
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of 
verifying identification. 

Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric 
system can make authentication decisions based on an individual's behavior, as in signature dynamics, but these can change over time and possibly be forged. 
Biometric systems that base authentication decisions on physical attributes (iris, retina, fingerprint) provide more accuracy, because physical attributes typically 
don't change much, absent some disfiguring injury, and are harder to impersonate. 

When a biometric system rejects an authorized individual, it is called a Type I error (False Rejection Rate (FRR) or False Reject Rate (FRR)). 

When the system accepts impostors who should be rejected, it is called a Type II error (False Acceptance Rate (FAR) or False Accept Rate (FAR)). Type II errors 
are the most dangerous and thus the most important to avoid. 

The goal is to obtain low numbers for each type of error, but When comparing different biometric systems, many different variables are used, but one of the most 
important metrics is the crossover error rate (CER). 

The accuracy of any biometric method is measured in terms of False Acceptance Rate (FAR) and False Rejection Rate (FRR). Both are expressed as 
percentages. The FAR is the rate at which attempts by unauthorized users are incorrectly accepted as valid. The FRR is just the opposite. It measures the rate at 
which authorized users are denied access. 

The relationship between FRR (Type I) and FAR (Type II) is depicted in the graphic below. As one rate increases, the other decreases. The Cross-over Error Rate 
(CER) is sometimes considered a good indicator of the overall accuracy of a biometric system. This is the point at which the FRR and the FAR have the same 
value. Solutions with a lower CER are typically more accurate. 

See graphic below from Biometria showing this relationship. The Cross-over Error Rate (CER) is also called the Equal Error Rate (EER), the two are synonymous. 


[Figure: Cross Over Error Rate. FAR and FRR plotted against the decision threshold; the vertical axis is the percentage of false rejects (FRR) and false accepts (FAR), and the two curves intersect at the EER.] 

The other answers are incorrect: 

Type I error is also called the False Rejection Rate, where a valid user is rejected by the system. 

Type III error: there is no such error type in a biometric system. 

Crossover error rate, stated as a percentage, represents the point at which the false rejection rate equals the false acceptance rate. 

Reference(s) used for this question: http://www.biometria.sk/en/principles-of-biometrics.html 

and 

Shon Harris, CISSP All In One (AIO), 6th Edition , Chapter 3, Access Control, Page 188- 189 

and 

Tech Republic, Reduce Multi_Factor Authentication Cost 


NEW QUESTION 123 
- (Topic 1) 
What is the main focus of the Bell-LaPadula security model? 


A. Accountability 
B. Integrity 

C. Confidentiality 
D. Availability 


Answer: C 


Explanation: 

The Bell-LaPadula model is a formal model dealing with confidentiality. 

The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was 
developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) 
multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use 
security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g. "Top Secret") down to the least sensitive (e.g., 
"Unclassified" or "Public"). 

The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes 
rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects. 

The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby 
inductively proving that the system satisfies the security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with a set of 
allowable states in a computer network system. The transition from one state to another state is defined by transition functions. 

A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a 
specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and 
set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode. 

The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access 
control (DAC) rule with three security properties: 

The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up). 

The *-property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also 
known as the Confinement property. 

The Discretionary Security Property - use of an access matrix to specify the discretionary access control. 

The following are incorrect answers: 

Accountability is incorrect. Accountability requires that actions be traceable to the user that performed them and is not addressed by the Bell-LaPadula model. 
Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-LaPadula. 

Availability is incorrect. Availability is concerned with assuring that data/services are available to authorized users as specified in service level objectives and is 
not addressed by the Bell-LaPadula model. 

References: CBK, pp. 325-326 

AIO3, pp. 279 - 284 

AIOv4 Security Architecture and Design (pages 333 - 336) 

AIOv5 Security Architecture and Design (pages 336 - 338) 

Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model 


NEW QUESTION 124 
- (Topic 1) 
What security model implies a central authority that defines rules, and sometimes global rules, dictating what subjects can have access to what objects? 


A. Flow Model 

B. Discretionary access control 

C. Mandatory access control 

D. Non-discretionary access control 


Answer: D 


Explanation: 

As a security administrator you might configure user profiles so that users cannot change the system's time, alter system configuration files, access a command 
prompt, or install unapproved applications. This type of access control is referred to as nondiscretionary, meaning that access decisions are not made at the 
discretion of the user. Nondiscretionary access controls are put into place by an authoritative entity (usually a security administrator) with the goal of protecting the 
organization's most critical assets. 

Non-discretionary access control is when a central authority determines what subjects can have access to what objects based on the organizational security policy. 
Centralized access control is not an existing security model. 

Both Rule Based Access Control (RUBAC or RBAC) and Role Based Access Control (RBAC) fall into this category. 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 221). McGraw- Hill. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 33). 


NEW QUESTION 126 

- (Topic 1) 

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to 
both the local police/fire station and the appropriate headquarters? 


A. Central station alarm 

B. Proprietary alarm 

C. A remote station alarm 
D. An auxiliary station alarm 


Answer: D 


Explanation: 

Auxiliary station alarms automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying 
to both the local police/fire station and the appropriate headquarters. They are usually implemented with municipal fire alarm boxes installed at your business or 
building, wired directly into the fire station. 

Central station alarms are operated by private security organizations. A central station system is very similar to a proprietary alarm system (see below); the biggest 
difference is that monitoring and receiving of alarms is done off site at a central location staffed by people who are not your employees. It is a third party. 

Proprietary alarms are similar to central station alarms except that monitoring is performed directly on the protected property. This type of alarm is usually used to 
protect large industrial or commercial buildings. Each of the buildings in the same vicinity has its own alarm system; they are all wired together at a central 
location within one of the buildings, which acts as a common receiving point. This point is usually far away from the other buildings so it is not exposed to the same 
danger. It is usually staffed 24 hours a day by a trained team who know how to react under different conditions. 

A remote station alarm is a direct connection between the signal-initiating device at the protected property and the signal-receiving device located at a remote 
station, such as the fire station or, more usually, a monitoring service. This is the most popular type of implementation, and the owner of the premises must pay a 
monthly monitoring fee. This is what most people use in their home when they have a company like ADT receive the alarms on their behalf. 

A remote system differs from an auxiliary system in that it does not use the municipal fire or police alarm circuits. 

Reference(s) used for this question: 

ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 11: Physical Security (page 211). 

and 

Great presentation J.T.A. Stone on SlideShare 


NEW QUESTION 129 
- (Topic 1) 
How can an individual/person best be identified or authenticated to prevent local masquerading attacks? 


A. UserId and password 

B. Smart card and PIN code 
C. Two-factor authentication 
D. Biometrics 


Answer: D 


Explanation: 

The only way to be truly positive in authenticating identity for access is to base the authentication on the physical attributes of the persons themselves (i.e., 
biometric identification). Physical attributes cannot be shared, borrowed, or duplicated. They ensure that you do identify the person; however, they are not perfect 
and they would have to be supplemented by another factor. 

Some people are getting thrown off by the term Masquerade. In general, a masquerade is a disguise. In terms of communications security issues, a masquerade is 
a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized 
for. A masquerade may be attempted through the use of stolen logon IDs and passwords, through finding security gaps in programs, or through bypassing the 
authentication mechanism. Spoofing is another term used to describe this type of attack as well. 

A UserId only provides for identification. 

A password is a weak authentication mechanism since passwords can be disclosed, shared, written down, and more. 

A smart card can be stolen and its corresponding PIN code can be guessed by an intruder. A smartcard can be borrowed by a friend of yours and you would have 
no clue as to who is really logging in using that smart card. 

Any form of two-factor authentication not involving biometrics cannot be as reliable as a biometric system to identify the person. 

Biometric identifying verification systems control people. If the person with the correct hand, eye, face, signature, or voice is not present, the identification and 
verification cannot take place and the desired action (i.e., portal passage, data, or resource access) does not occur. 

As has been demonstrated many times, adversaries and criminals obtain and successfully use access cards, even those that require the addition of a PIN. This is 
because these systems control only pieces of plastic (and sometimes information), rather than people. Real asset and resource protection can only be 
accomplished by people, not cards and information, because unauthorized persons can (and do) obtain the cards and information. 

Further, life-cycle costs are significantly reduced because no card or PIN administration system or personnel are required. The authorized person does not lose 
physical characteristics (i.e., hands, face, eyes, signature, or voice), but cards and PINs are continuously lost, stolen, or forgotten. This is why card access 
systems require systems and people to administer, control, record, and issue (new) cards and PINs. Moreover, the cards are an expensive and recurring cost. 
NOTE FROM CLEMENT: 

This question has been generating lots of interest. The keyword in the question is: Individual (the person) and also the authenticated portion as well. 

I totally agree with you that Two Factors or Strong Authentication would be the strongest means of authentication. However the question is not asking what is the 
strongest means of authentication, it is asking what is the best way to identify the user (individual) behind the technology. When answering questions do not make 
assumptions to facts not presented in the question or answers. 

Nothing can beat Biometrics in such case. You cannot lend your fingerprint and pin to someone else, you cannot borrow one of my eye balls to defeat the Iris or 
Retina scan. This is why it is the best method to authenticate the user. 

I think the reference is playing with semantics and that makes it a bit confusing. I have improved the question to make it a lot clearer and I have also improved the 
explanations attached with the question. 

The reference mentioned above refers to authenticating the identity for access. So the distinction is being made that there is identity and there is authentication. In 
the case of physical security the enrollment process is where the identity of the user would be validated and then the biometrics features provided by the user 
would authenticate the user on a one to one matching basis (for authentication) with the reference contained in the database of biometrics templates. In the case 
of system access, the user might have to provide a username, a pin, a passphrase, a smart card, and then provide his biometric attributes. 

Biometric can also be used for Identification purpose where you do a one to many match. You take a facial scan of someone within an airport and you attempt to 
match it with a large database of known criminal and terrorists. This is how you could use biometric for Identification. 

There are always THREE means of authentication, they are: 

Something you know (Type 1) 

Something you have (Type 2) 

Something you are (Type 3) 

Reference(s) used for this question: 

TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1) , 2000, CRC Press, Chapter 1, Biometric Identification 
(page 7). 

and 

Search Security at http://searchsecurity.techtarget.com/definition/masquerade 


NEW QUESTION 134 
- (Topic 1) 
Which of the following access control models introduces user security clearance and data classification? 


A. Role-based access control 

B. Discretionary access control 

C. Non-discretionary access control 
D. Mandatory access control 


Answer: D 


Explanation: 

The mandatory access control model is based on a security label system. Users are given a security clearance and data is classified. The classification is stored 
in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, Chapter 4: Access Control (Page 154). 
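The label comparison that Questions 99, 105, 123 and 134 describe in words, as an added Python example that is not from any of the cited books or from any real reference monitor. A label is a rank plus a set of compartments, and "dominates" is the lattice ordering; the classification names, compartments, subjects and the access matrix below are all constructed for the illustration.

```python
"""Reference-monitor style checks for the Bell-LaPadula (confidentiality) and
Biba (integrity) rules over a lattice of labels. Constructed illustration:
level names, compartments and subjects are made up."""
from dataclasses import dataclass

CLASSIFICATIONS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY_LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Label:
    rank: int
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: higher-or-equal rank AND a superset of compartments.
        Labels with incomparable compartment sets dominate each other in neither direction."""
        return self.rank >= other.rank and self.compartments >= other.compartments


def clearance(name: str, *compartments: str) -> Label:
    """Confidentiality label, used both for a subject's clearance and an object's classification."""
    return Label(CLASSIFICATIONS[name], frozenset(compartments))


def integrity(name: str) -> Label:
    """Integrity label for the Biba model (no compartments in this illustration)."""
    return Label(INTEGRITY_LEVELS[name])


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula mandatory rules.
    read  -> simple security property: subject must dominate object (no read up)
    write -> *-property: object must dominate subject (no write down)"""
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba mandatory rules, the mirror image of Bell-LaPadula.
    read  -> simple integrity axiom: object must dominate subject (no read down)
    write -> *-integrity axiom: subject must dominate object (no write up)"""
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


def blp_decide(subject_name, subject_label, obj_name, obj_label, mode, matrix) -> bool:
    """Full Bell-LaPadula decision: the discretionary security property (an access
    matrix of explicitly granted modes) and both MAC rules must all allow the access."""
    discretionary = mode in matrix.get((subject_name, obj_name), set())
    return discretionary and blp_allows(subject_label, obj_label, mode)


if __name__ == "__main__":
    analyst = clearance("SECRET", "CRYPTO")
    report = clearance("CONFIDENTIAL")
    sigint = clearance("SECRET", "CRYPTO", "SIGINT")
    print("read CONFIDENTIAL report:", blp_allows(analyst, report, "read"))    # no read up: ok
    print("write CONFIDENTIAL report:", blp_allows(analyst, report, "write"))  # no write down: denied
    print("read SIGINT material:", blp_allows(analyst, sigint, "read"))        # missing compartment
    print("HIGH-integrity process reads LOW data:",
          biba_allows(integrity("HIGH"), integrity("LOW"), "read"))            # no read down
```

Note the compartment check: a TOP SECRET subject with no compartments does not dominate a SECRET object in compartment CRYPTO, so neither direction of access is allowed by the MAC rules; this is what "categories" add on top of a plain ordering of classifications.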


NEW QUESTION 139 
- (Topic 1) 
What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? 


A. A 
B. D 
C. E 
D. F 


Answer: B 


Explanation: 

D or "minimal protection" is reserved for systems that were evaluated under the TCSEC but did not meet the requirements for a higher trust level. 

A is incorrect. A or "Verified Protection" is the highest trust level under the TCSEC. 

E is incorrect. The trust levels are A - D so "E" is not a valid trust level. 

F is incorrect. The trust levels are A - D so "F" is not a valid trust level. 

CBK, pp. 329 - 330 

AIO3, pp. 302 - 306 


NEW QUESTION 144 
- (Topic 1) 
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? 


A. clipping level 
B. acceptance level 



C. forgiveness level 
D. logging level 


Answer: A 


Explanation: 

The correct answer is "clipping level". This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. 
That action may be to log the activity, lock a user account, temporarily close a port, etc. 

Example: The most classic example of a clipping level is failed login attempts. If you have a system configured to lock a user's account after three failed login 
attempts, that is the "clipping level". 

The other answers are not correct because: 

Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security. 

Reference: 

Official ISC2 Guide - The term "clipping level" is not in the glossary or index of that book. I cannot find it in the text either. However, I'm quite certain that it would 
be considered part of the CBK, despite its exclusion from the Official Guide. 

All-in-One Third Edition page: 136 - 137 
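The failed-login example worked through as detection logic, added here as an illustration; the code is not from the page or from any product, and the log lines are constructed in the style of an sshd auth log rather than captured from a real system. Failures are counted per user inside a sliding window, reaching the clipping level produces a violation record, and a successful login resets the count.

```python
"""Clipping-level check over authentication log lines.

Constructed illustration: the log format and the SAMPLE_LOG entries are made up
in the style of an sshd auth log. Failures for a user are counted inside a
sliding window; the failure that reaches CLIP produces a violation record, and
a successful login forgives the failures before it."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

CLIP = 3            # clipping level: third failure inside the window triggers a record
WINDOW = 10 * 60    # seconds; failures older than this are forgiven

LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line: str):
    """Return (timestamp, result, user, ip) or None for lines that are not login results."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"]).timestamp()
    return ts, m["result"], m["user"], m["ip"]


def find_violations(lines, clip: int = CLIP, window: int = WINDOW):
    """Apply the clipping level to an iterable of log lines; return the violation records."""
    recent = defaultdict(deque)     # user -> timestamps of failures still inside the window
    violations = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = recent[user]
        if result == "Accepted":
            q.clear()               # a good login forgives earlier failures
            continue
        while q and ts - q[0] > window:
            q.popleft()             # forgive failures that have aged out of the window
        q.append(ts)
        if len(q) >= clip:
            violations.append({"user": user, "ip": ip, "failures": len(q),
                               "at": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()})
            q.clear()               # one record per crossing; start counting again
    return violations


# Constructed sample: alice crosses the clipping level, bob recovers with a good
# login, carol's failures are too far apart to count, and the last line is noise.
SAMPLE_LOG = [
    "2024-05-01T10:00:00+00:00 host1 sshd[101]: Failed password for alice from 203.0.113.5 port 50001 ssh2",
    "2024-05-01T10:00:20+00:00 host1 sshd[102]: Failed password for bob from 198.51.100.7 port 50002 ssh2",
    "2024-05-01T10:00:30+00:00 host1 sshd[103]: Failed password for carol from 192.0.2.9 port 50003 ssh2",
    "2024-05-01T10:00:45+00:00 host1 sshd[104]: Failed password for alice from 203.0.113.5 port 50004 ssh2",
    "2024-05-01T10:01:00+00:00 host1 sshd[105]: Failed password for bob from 198.51.100.7 port 50005 ssh2",
    "2024-05-01T10:01:10+00:00 host1 sshd[106]: Accepted password for bob from 198.51.100.7 port 50006 ssh2",
    "2024-05-01T10:01:30+00:00 host1 sshd[107]: Failed password for alice from 203.0.113.5 port 50007 ssh2",
    "2024-05-01T10:15:00+00:00 host1 sshd[108]: Failed password for carol from 192.0.2.9 port 50008 ssh2",
    "2024-05-01T10:30:00+00:00 host1 sshd[109]: Failed password for carol from 192.0.2.9 port 50009 ssh2",
    "2024-05-01T10:31:00+00:00 host1 sshd[110]: pam_unix(sshd:session): session opened for user bob",
]

if __name__ == "__main__":
    for record in find_violations(SAMPLE_LOG):
        print(record)
```

The window is what makes the level a clipping level rather than a lifetime counter: without it, carol's three failures spread over half an hour would lock her out just as alice's three in ninety seconds do, and ordinary typos would generate records that nobody needs to look at.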


NEW QUESTION 145 

- (Topic 1) 

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches 
on doors and windows are some of the examples of: 


A. Administrative controls 
B. Logical controls 

C. Technical controls 

D. Physical controls 


Answer: D 


Explanation: 

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches 
on doors and windows are all examples of Physical Security. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 149 
- (Topic 1) 
Which of the following is most appropriate to notify an external user that session monitoring is being conducted? 


A. Logon Banners 

B. Wall poster 

C. Employee Handbook 
D. Written agreement 


Answer: A 


Explanation: 

Banners at log-on time should be used to notify external users of any monitoring that is being conducted. A good banner gives you a better legal standing and 
also makes it obvious that the user was warned about who should access the system; an unauthorized user is then fully aware that they are trespassing. 
This is a tricky question, the keyword in the question is External user. 

There are two possible answers based on how the question is presented, this question could either apply to internal users or ANY anonymous user. 

Internal users should always have a written agreement first, then logon banners serve as a constant reminder. 

Anonymous users, such as those logging into a web site, ftp server or even a mail server; their only notification system is the use of a logon banner. 

References used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 50. 
and 
Shon Harris, CISSP All-in-one, 5th edition, pg 873 


NEW QUESTION 150 
- (Topic 1) 
Which type of attack involves impersonating a user or a system? 


A. Smurfing attack 
B. Spoofing attack 
C. Spamming attack 
D. Sniffing attack 


Answer: B 


Explanation: 

A spoofing attack is an attempt to gain access to a computer system by posing as an authorized user or system. Spamming refers to sending out or 
posting junk advertising and unsolicited mail. A smurf attack is a type of denial-of-service attack that sends ICMP echo (ping) requests to a broadcast address with the victim's spoofed source address. Sniffing refers to observing 
packets passing on a network. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the 

Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77). 


NEW QUESTION 153 
- (Topic 1) 
What is considered the most important type of error to avoid for a biometric access control system? 
A. Type I Error 
B. Type II Error 
C. Combined Error Rate 
D. Crossover Error Rate 


Answer: B 


Explanation: 

When a biometric system is used for access control, the most important error to avoid is the false accept (false acceptance rate, or Type II error), where the system would 
accept an impostor. 

A Type I error is known as the false reject or false rejection rate and is not as important in the security context as the Type II error rate. A Type I error is when a valid 
company employee is rejected by the system and cannot get access even though he is a valid user. 

The Crossover Error Rate (CER) is the point at which the false rejection rate equals the false acceptance rate if you were to plot Type I and Type II 
errors against the sensitivity setting. The lower the CER, the better the device. 

The Combined Error Rate is a distractor and does not exist. 

Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric 
Identification (page 10). 
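The trade-off between Type I and Type II errors is easiest to see by sweeping the acceptance threshold over a set of match scores. The following C program is an added example, not code from the source or from the exam guide; the genuine and impostor score arrays are constructed sample data on a hypothetical 0..100 scale, and the rule "accept when score >= threshold" is an assumption about how the device decides. It counts false accepts (Type II) and false rejects (Type I) at each threshold and locates the crossover point.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample data (not from the source): match scores on a 0..100 scale.
 * Genuine scores: enrolled users presenting their own biometric.
 * Impostor scores: other people presenting against that same template. */
static const int GENUINE[]  = {80, 85, 90, 95, 70, 75, 88, 92, 60, 98};
static const int IMPOSTOR[] = {20, 30, 45, 55, 65, 35, 25, 50, 40, 72};
#define N_GENUINE  (sizeof GENUINE  / sizeof GENUINE[0])
#define N_IMPOSTOR (sizeof IMPOSTOR / sizeof IMPOSTOR[0])

/* Assumed decision rule: the system accepts a presentation when score >= threshold. */

/* Type II errors (false accepts): impostors whose score clears the threshold. */
int false_accepts(int threshold) {
    int n = 0;
    for (size_t i = 0; i < N_IMPOSTOR; i++)
        if (IMPOSTOR[i] >= threshold) n++;
    return n;
}

/* Type I errors (false rejects): genuine users whose score falls short. */
int false_rejects(int threshold) {
    int n = 0;
    for (size_t i = 0; i < N_GENUINE; i++)
        if (GENUINE[i] < threshold) n++;
    return n;
}

double far_at(int threshold) { return (double)false_accepts(threshold) / N_IMPOSTOR; }
double frr_at(int threshold) { return (double)false_rejects(threshold) / N_GENUINE; }

/* Crossover Error Rate: sweep every threshold and return the lowest one at which
 * |FAR - FRR| is minimal. On real data the curves cross between samples; this
 * simply picks the nearest sampled point. */
int cer_threshold(void) {
    int best_t = 0;
    double best_gap = 1e9;
    for (int t = 0; t <= 100; t++) {
        double gap = far_at(t) - frr_at(t);
        if (gap < 0) gap = -gap;
        if (gap < best_gap) { best_gap = gap; best_t = t; }
    }
    return best_t;
}

int main(void) {
    int t = cer_threshold();
    printf("threshold  FAR(Type II)  FRR(Type I)\n");
    for (int x = 40; x <= 100; x += 10)
        printf("%9d  %12.2f  %11.2f\n", x, far_at(x), frr_at(x));
    printf("CER at threshold %d: FAR=%.2f FRR=%.2f\n", t, far_at(t), frr_at(t));
    /* Raising the threshold above the CER trades more Type I errors for fewer
     * Type II errors, which is the direction an access control deployment prefers. */
    return 0;
}
```

Lowering the threshold below the crossover point lets more impostors through (the Type II errors the question cares about) in exchange for fewer rejected employees; an access control deployment is normally tuned on the high-threshold side of the CER for that reason.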


NEW QUESTION 154 
- (Topic 1) 
Which of the following best ensures accountability of users for the actions taken within a system or domain? 


A. Identification 
B. Authentication 
C. Authorization 
D. Credentials 


Answer: B 


Explanation: 

Details: 

The only way to ensure accountability is if the subject is uniquely identified and authenticated. Identification alone does not provide proof the user is who they claim 
to be. After showing proper credentials, a user is authorized access to resources. 

References: 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 126). 


NEW QUESTION 158 
- (Topic 1) 
Why do buffer overflows happen? What is the main cause? 


A. Because buffers can only hold so much data 

B. Because of improper parameter checking within the application 
C. Because they are an easy weakness to exploit 

D. Because of insufficient system memory 


Answer: B 


Explanation: 

A buffer overflow attack takes advantage of improper parameter checking within the application. This is the classic form of buffer overflow and occurs because the 
programmer accepts whatever input the user supplies without checking that the length of the input is less than the size of the buffer in the program. 
The buffer overflow problem is one of the oldest and most common problems in software development and programming, dating back to the introduction of 
interactive computing. It results when a program fills its assigned buffer of memory with more data than the buffer can hold. When the program begins to 
write beyond the end of the buffer, the program's execution path can be changed, or data can be written into areas used by the operating system itself. This can 
lead to the insertion of malicious code that can be used to gain administrative privileges on the program or system. 

As explained by Gaurab, it can become very complex. Even if you check the length of the input at the point of entry, it has to be checked against the size of the 
buffer it is actually written into. Consider a case where data enters through Buffer1 of Application1 and is later copied into Buffer2 within Application2: checking 
the length of the data against Buffer1 alone does not ensure that it will not cause a buffer overflow in Buffer2 of Application2. 

A bit of reassurance from the ISC2 book about level of Coding Knowledge needed for the exam: 

It should be noted that the CISSP is not required to be an expert programmer or know the inner workings of developing application software code, like the 
FORTRAN programming language, or how to develop Web applet code using Java. It is not even necessary that the CISSP know detailed security-specific coding 
practices such as the major divisions of buffer overflow exploits or the reason for preferring str(n)cpy to strcpy in the C language (although all such knowledge is, of 
course, helpful). Because the CISSP may be the person responsible for ensuring that security is included in such developments, the CISSP should know the basic 
procedures and concepts involved during the design and development of software programming. That is, in order for the CISSP to monitor the software 
development process and verify that security is included, the CISSP must understand the fundamental concepts of programming developments and the security 
strengths and weaknesses of various application development processes. 

The following are incorrect answers: 

"Because buffers can only hold so much data" is incorrect. This is certainly true but is not the best answer because the finite size of the buffer is not the problem -- 
the problem is that the programmer did not check the size of the input before moving it into the buffer. 

"Because they are an easy weakness to exploit" is incorrect. This answer is sometimes true but is not the best answer because the root cause of the buffer 
overflow is that the programmer did not check the size of the user input. 

"Because of insufficient system memory" is incorrect. This is irrelevant to the occurrence of a buffer overflow. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13319-13323). Auerbach 
Publications. Kindle Edition. 
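The two-stage case described above, written out in C as an added example (this is not code from the source or the (ISC)2 guide; the buffer sizes, function names and the repeated-character inputs are hypothetical). It places the classic unchecked strcpy beside a bounded copy that refuses input which would not fit, and shows why the second copy has to be checked against its own destination rather than the first buffer:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer sizes chosen for illustration. */
#define BUFFER1_SIZE 64
#define BUFFER2_SIZE 16

/* The classic defect: strcpy copies until it finds the NUL terminator and never
 * looks at the destination size, so any input of 16 bytes or more overruns buf.
 * Kept only for comparison with the bounded version; it is never called. */
void vulnerable_copy(const char *input) {
    char buf[BUFFER2_SIZE];
    strcpy(buf, input);              /* no length check: overflow */
    (void)buf;
}

/* Bounded copy. Returns -1 for any source that does not fit together with its
 * terminator, so the destination can never be overrun and is always
 * NUL-terminated on success. Unlike strncpy, an oversized input is refused
 * rather than silently truncated and left without a terminator. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0) return -1;
    if (len >= dst_size) {           /* would need len + 1 bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* The two-stage case from the explanation: input is accepted into buffer1 and
 * later copied into a smaller buffer2. A check against buffer1's size says
 * nothing about buffer2, so every copy is bounded by ITS OWN destination.
 * Returns the stored length, -1 if rejected at stage 1, -2 if rejected at stage 2. */
int forward_to_buffer2(const char *input) {
    char buffer1[BUFFER1_SIZE];
    char buffer2[BUFFER2_SIZE];
    if (bounded_copy(buffer1, sizeof buffer1, input) != 0) return -1;
    if (bounded_copy(buffer2, sizeof buffer2, buffer1) != 0) return -2;
    return (int)strlen(buffer2);
}

/* Helper: builds an input of n copies of c (n < 128) and runs it through the
 * two-stage path so the size boundaries can be probed. */
int forward_repeated(char c, size_t n) {
    char input[128];
    if (n >= sizeof input) return -1;
    memset(input, c, n);
    input[n] = '\0';
    return forward_to_buffer2(input);
}

int main(void) {
    printf("5 bytes : %d\n", forward_repeated('A', 5));    /* fits both buffers */
    printf("15 bytes: %d\n", forward_repeated('A', 15));   /* largest size that fits buffer2 */
    printf("16 bytes: %d\n", forward_repeated('A', 16));   /* fits buffer1, not buffer2 */
    printf("70 bytes: %d\n", forward_repeated('A', 70));   /* fits neither */
    return 0;
}
```

The 16-byte case is the one the explanation warns about: it passes a check against Buffer1 and would have overflowed Buffer2 if only the first check existed. Note also that the bounded copy refuses rather than truncates; with strncpy the input would be cut to fit, and a 16-byte input would leave no room for the terminator.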


NEW QUESTION 161 
- (Topic 1) 
Access Control techniques do not include which of the following choices? 
A. Relevant Access Controls 
B. Discretionary Access Control 
C. Mandatory Access Control 
D. Lattice Based Access Control 


Answer: A 


Explanation: 

Access Control Techniques: 

Discretionary Access Control 
Mandatory Access Control 
Lattice Based Access Control 
Rule-Based Access Control 
Role-Based Access Control 

Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13. 


NEW QUESTION 165 
- (Topic 1) 
In Mandatory Access Control, sensitivity labels attached to object contain what information? 


A. The item's classification 

B. The item's classification and category set 
C. The item's category 

D. The item's need to know 


Answer: B 


Explanation: 

A sensitivity label must contain at least one classification and one category set. 

Category set and compartment set are synonyms; they mean the same thing. The sensitivity label must contain at least one classification and at least one 
category. It is common in some environments for a single item to belong to multiple categories. The list of all the categories to which an item belongs is called a 
compartment set or category set. 

The following answers are incorrect: 

The item's classification. Incorrect because you need a category set as well. 

The item's category. Incorrect because both the category set and the classification would be required. 

The item's need to know. Incorrect because there is no such field in a label. The need to know is expressed by the categories the object belongs to. This is NOT the best 
answer. 

Reference(s) used for this question: 

OIG CBK, Access Control (pages 186 - 188) 
AIO, 3rd Edition, Access Control (pages 162 - 163) 
AIO, 4th Edition, Access Control, pp 212-214. 
Wikipedia - http://en.wikipedia.org/wiki/Mandatory_Access_Control 


NEW QUESTION 169 
- (Topic 1) 
Which of the following does not apply to system-generated passwords? 


A. Passwords are harder to remember for users. 

B. If the password-generating algorithm gets to be known, the entire system is in jeopardy. 
C. Passwords are more vulnerable to brute force and dictionary attacks. 

D. Passwords are harder to guess for attackers. 


Answer: C 


Explanation: 

Users tend to choose passwords that are easy to remember. System-generated passwords can provide stronger, harder to guess passwords. Since they are 
generated according to rules set by the administrator, they can include combinations of uppercase/lowercase letters, numbers and special characters, making 
them less vulnerable to brute force and dictionary attacks. One danger is that they are also harder to remember for users, who will tend to write them down, 
making them more vulnerable to anyone having access to the user's desk. Another danger with system-generated passwords is that if the password-generating 
algorithm gets to be known, the entire system is in jeopardy. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 64). 


NEW QUESTION 172 
- (Topic 1) 
Which TCSEC level is labeled Controlled Access Protection? 


Answer: B 


Explanation: 

C2 is labeled Controlled Access Protection. 

The TCSEC defines four divisions: D, C, B and A, where division A has the highest security. Each division represents a significant difference in the trust an 
individual or organization can place in the evaluated system. Additionally, divisions C, B and A are broken into a series of hierarchical subdivisions called 
classes: C1, C2, B1, B2, B3 and A1. 

Each division and class expands or modifies as indicated the requirements of the immediately prior division or class. 

D - Minimal protection 
Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division. 

C - Discretionary protection 

C1 - Discretionary Security Protection 
Identification and authentication 
Separation of users and data 
Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis 
Required system documentation and user manuals 

C2 - Controlled Access Protection 
More finely grained DAC 
Individual accountability through login procedures 
Audit trails 
Object reuse 
Resource isolation 

B - Mandatory protection 

B1 - Labeled Security Protection 
Informal statement of the security policy model 
Data sensitivity labels 
Mandatory Access Control (MAC) over selected subjects and objects 
Label exportation capabilities 
All discovered flaws must be removed or otherwise mitigated 
Design specifications and verification 

B2 - Structured Protection 
Security policy model clearly defined and formally documented 
DAC and MAC enforcement extended to all subjects and objects 
Covert storage channels are analyzed for occurrence and bandwidth 
Carefully structured into protection-critical and non-protection-critical elements 
Design and implementation enable more comprehensive testing and review 
Authentication mechanisms are strengthened 
Trusted facility management is provided with administrator and operator segregation 
Strict configuration management controls are imposed 

B3 - Security Domains 
Satisfies reference monitor requirements 
Structured to exclude code not essential to security policy enforcement 
Significant system engineering directed toward minimizing complexity 
Security administrator role defined 
Audit security-relevant events 
Automated imminent intrusion detection, notification, and response 
Trusted system recovery procedures 
Covert timing channels are analyzed for occurrence and bandwidth 
An example of such a system is the XTS-300, a precursor to the XTS-400 

A - Verified protection 

A1 - Verified Design 
Functionally identical to B3 
Formal design and verification techniques including a formal top-level specification 
Formal management and distribution procedures 
An example of such a system is Honeywell's Secure Communications Processor SCOMP, a precursor to the XTS-400 

Beyond A1 
System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted 
Computing Base (TCB). 
Security Testing automatically generates test cases from the formal top-level specification or formal lower-level specifications. 
Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible. 
Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel. 

The following are incorrect answers: 

C1 is Discretionary Security Protection. 

C3 does not exist; it is only a distractor. 

B1 is called Labeled Security Protection. 

Reference(s) used for this question: 

HARE, Chris, Security Management Practices CISSP Open Study Guide, version 1.0, April 1999. 

and 

AIOv4 Security Architecture and Design (pages 357 - 361) 
AIOv5 Security Architecture and Design (pages 358 - 362) 


NEW QUESTION 177 
- (Topic 1) 
Which security model introduces access to objects only through programs? 


A. The Biba model 

B. The Bell-LaPadula model 
C. The Clark-Wilson model 

D. The information flow model 


Answer: C 


Explanation: 

In the Clark-Wilson model, the subject no longer has direct access to objects but instead must access them through programs (well-formed transactions). 

The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system. 

The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing corruption of data items in a 
system due to either error or malicious intent. An integrity policy describes how the data items in the system should be kept valid from one state of the system to 
the next and specifies the capabilities of various principals in the system. The model defines enforcement rules and certification rules. 

Clark-Wilson is more clearly applicable to business and industry processes in which the integrity of the information content is paramount at any level of 
classification. 

Integrity goals of the Clark-Wilson model: 

Prevent unauthorized users from making modifications (only this one is addressed by the Biba model). 

Separation of duties prevents authorized users from making improper modifications. 

Well-formed transactions maintain internal and external consistency, i.e. a well-formed transaction is a series of operations that are carried out to take the 
data from one consistent state to another. 

The following are incorrect answers: 

The Biba model is incorrect. The Biba model is concerned with integrity and controls access to objects based on a comparison of the security level of the subject to 
that of the object. 

The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and controls access to objects based on a comparison of the 
clearance level of the subject to the classification level of the object. 

The information flow model is incorrect. The information flow model uses a lattice where objects are labelled with security classes and information can flow either 
upward or at the same level. It is similar in framework to the Bell-LaPadula model. 

References: 

ISC2 Official Study Guide, Pages 325 - 327 
AIO3, pp. 284 - 287 
AIOv4 Security Architecture and Design (pages 338 - 342) 
AIOv5 Security Architecture and Design (pages 341 - 344) 
Wikipedia at: https://en.wikipedia.org/wiki/Clark-Wilson_model 
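The mediation rule above (no direct subject-to-object access; every change goes through a certified transformation procedure) can be shown as a small access check. The C program below is an added example and not code from the source or from the Clark and Wilson paper; the CDI, TP and user names and the conflicting pair used for separation of duty are all hypothetical. It encodes the two enforcement rules that matter here: E1 (a constrained data item may only be changed by a TP certified for it) and E2 (a user may only run a TP on a CDI for which the (user, TP, CDI) triple is permitted), plus a C3-style separation-of-duty check over the triples.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example policy (names are hypothetical, not from the source).
 * CDIs: constrained data items that must stay consistent.
 * TPs : transformation procedures, the only code allowed to touch a CDI. */

/* Certification data: which TP is certified to operate on which CDI. */
struct tp_cdi { const char *tp; const char *cdi; };
static const struct tp_cdi CERTIFIED[] = {
    {"post_transaction",    "accounts"},
    {"post_transaction",    "ledger"},
    {"approve_transaction", "accounts"},
    {"audit_report",        "ledger"},
};

/* Enforcement rule E2 data: (user, TP, CDI) triples a user may invoke. */
struct triple { const char *user; const char *tp; const char *cdi; };
static const struct triple ALLOWED[] = {
    {"alice", "post_transaction",    "accounts"},
    {"alice", "post_transaction",    "ledger"},
    {"carol", "approve_transaction", "accounts"},
    {"bob",   "audit_report",        "ledger"},
};

#define COUNT(a) (sizeof (a) / sizeof (a)[0])

/* E1: a CDI may only be changed by a TP certified for it. */
int tp_certified_for(const char *tp, const char *cdi) {
    for (size_t i = 0; i < COUNT(CERTIFIED); i++)
        if (strcmp(CERTIFIED[i].tp, tp) == 0 && strcmp(CERTIFIED[i].cdi, cdi) == 0)
            return 1;
    return 0;
}

/* E2: the user must hold the exact (user, TP, CDI) triple. */
int user_may_invoke(const char *user, const char *tp, const char *cdi) {
    for (size_t i = 0; i < COUNT(ALLOWED); i++)
        if (strcmp(ALLOWED[i].user, user) == 0 && strcmp(ALLOWED[i].tp, tp) == 0 &&
            strcmp(ALLOWED[i].cdi, cdi) == 0)
            return 1;
    return 0;
}

/* The mediation check: the subject never reaches the CDI directly. A request
 * is granted only if it names a TP, that TP is certified for the CDI (E1) and
 * the user is allowed to run that TP on that CDI (E2). A NULL tp models a
 * direct access attempt and is always refused. Returns 1 to allow, 0 to deny. */
int mediate(const char *user, const char *tp, const char *cdi) {
    if (tp == NULL) return 0;
    if (!tp_certified_for(tp, cdi)) return 0;
    if (!user_may_invoke(user, tp, cdi)) return 0;
    return 1;
}

/* Separation of duty (C3): no single user may hold both TPs of a conflicting
 * pair. Here posting and approving a transaction are declared to conflict. */
int violates_separation_of_duty(const char *user) {
    int posts = 0, approves = 0;
    for (size_t i = 0; i < COUNT(ALLOWED); i++) {
        if (strcmp(ALLOWED[i].user, user) != 0) continue;
        if (strcmp(ALLOWED[i].tp, "post_transaction") == 0) posts = 1;
        if (strcmp(ALLOWED[i].tp, "approve_transaction") == 0) approves = 1;
    }
    return posts && approves;
}

int main(void) {
    printf("alice via post_transaction on accounts: %d\n", mediate("alice", "post_transaction", "accounts"));
    printf("alice direct on accounts              : %d\n", mediate("alice", NULL, "accounts"));
    printf("bob via post_transaction on accounts  : %d\n", mediate("bob", "post_transaction", "accounts"));
    printf("bob via audit_report on accounts      : %d\n", mediate("bob", "audit_report", "accounts"));
    printf("alice separation-of-duty violation    : %d\n", violates_separation_of_duty("alice"));
    return 0;
}
```

Two of the denials are worth separating when reading the output: bob running post_transaction fails on E2 (he is not permitted to run that TP at all), while bob running audit_report on accounts fails on E1 (the TP exists and bob may run it, but it was never certified for that CDI). The separation-of-duty check is what keeps a single user from both posting and approving, which is the "improper modification by an authorized user" case the integrity goals list.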


NEW QUESTION 181 

- (Topic 1) 

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain 
access to unauthorized data? 


A. Limiting the local access of operations personnel 
B. Job rotation of operations personnel 
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C. Management monitoring of audit logs 
D. Enforcing regular password changes 


Answer: A 


Explanation: 

The question specifically says "within a different function", which eliminates job rotation as a choice. 

Management monitoring of audit logs is a detective control and would not prevent collusion. 

Changing passwords regularly would not prevent such an attack. 

This question validates whether you understand the concepts of separation of duties and least privilege. By giving operators only the minimum access level they 
need to do their duties within the company, the operations personnel would be forced to collude with someone in another function to defeat those security mechanisms. 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 182 
- (Topic 1) 
Which of the following are additional access control objectives? 


A. Consistency and utility 
B. Reliability and utility 

C. Usefulness and utility 
D. Convenience and utility 


Answer: B 


Explanation: 

Availability assures that a system's authorized users have timely and uninterrupted access to the information in the system. The additional access control 
objectives are reliability and utility. These and other related objectives flow from the organizational security policy. This policy is a high-level statement of 
management intent regarding the control of access to information and the personnel who are authorized to receive that information. Three things that must be 
considered for the planning and implementation of access control mechanisms are the threats to the system, the system's vulnerability to these threats, and the 
risk that the threat may materialize. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32. 


NEW QUESTION 185 
- (Topic 1) 
Password management falls into which control category? 


A. Compensating 
B. Detective 

C. Preventive 

D. Technical 


Answer: C 


Explanation: 

Password management is an example of preventive control. Proper passwords prevent unauthorized users from accessing a system. 

There are literally hundreds of different access approaches, control methods, and technologies, both in the physical world and in the virtual electronic world. Each 
method addresses a different type of access control or a specific access need. 

For example, access control solutions may incorporate identification and authentication mechanisms, filters, rules, rights, logging and monitoring, policy, and a 
plethora of other 

controls. However, despite the diversity of access control methods, all access control systems can be categorized into seven primary categories. 

The seven main categories of access control are: 

1. Directive: Controls designed to specify acceptable rules of behavior within an organization 

2. Deterrent: Controls designed to discourage people from violating security directives 

3. Preventive: Controls implemented to prevent a security incident or information breach 

4. Compensating: Controls implemented to substitute for the loss of primary controls and mitigate risk down to an acceptable level 

5. Detective: Controls designed to signal a warning when a security control has been breached 

6. Corrective: Controls implemented to remedy circumstance, mitigate damage, or restore controls 

7. Recovery: Controls implemented to restore conditions to normal after a security incident 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1156-1176). Auerbach 
Publications. Kindle Edition. 
NEW QUESTION 187 

- (Topic 1) 

An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is 
known as a(n): 


A. active attack 
B. outside attack 
C. inside attack 
D. passive attack 


Answer: C 


Explanation: 

An inside attack is an attack initiated by an entity inside the security perimeter, an entity that is authorized to access system resources but uses them in a way not 
approved by those who granted the authorization whereas an outside attack is initiated from outside the perimeter, by an unauthorized or illegitimate user of the 
system. An active attack attempts to alter system resources to affect their operation and a passive attack attempts to learn or make use of the information from the 
system but does not affect system resources. 

Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000. 
NEW QUESTION 191 
- (Topic 1) 
What are called user interfaces that limit the functions that can be selected by a user? 


A. Constrained user interfaces 
B. Limited user interfaces 

C. Mini user interfaces 

D. Unlimited user interfaces 


Answer: A 


Explanation: 

Constrained user interfaces limit the functions that can be selected by a user. 

Another method for controlling access is by restricting users to specific functions based on their role in the system. This is typically implemented by limiting 
available menus, data views, encryption, or by physically constraining the user interfaces. 

This is common on devices such as an automated teller machine (ATM). The advantage of a constrained user interface is that it limits potential avenues of attack 
and system failure by restricting the processing options that are available to the user. 

At an ATM, if a user does not have a checking account with the bank he or she will not be shown the "Withdraw money from checking" option. 
Likewise, an information system might have an "Add/Remove Users" menu option for administrators, but if a normal, non-administrative user logs in he or she 
will not even see that menu option. By not even identifying potential options for non-qualifying users, the system limits the potentially harmful execution of 
unauthorized system or application commands. Note that hiding an option is not the same as enforcing authorization: the function behind the hidden option must 
still check the user's rights, since a user can attempt to invoke it directly without going through the menu. 

Many database management systems have the concept of "views". A database view is an extract of the data stored in the database that is filtered based on 
predefined user or system criteria. This permits multiple users to access the same database while only having the ability to access data they need (or are allowed 
to have) and not data for another user. The use of database views is another example of a constrained user interface. 

The following were incorrect answers: 

All of the other choices presented were bogus answers. 

The following reference(s) were used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1989-2002). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 192 
- (Topic 1) 
An alternative to using passwords for authentication in logical or technical access control is: 


A. manage without passwords 

B. biometrics 

C. not there 

D. use of them for physical access control 


Answer: B 


Explanation: 

An alternative to using passwords for authentication in logical or technical access control is biometrics. Biometrics are based on the Type 3 authentication 
mechanism-something you are. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 


NEW QUESTION 195 
- (Topic 1) 
Which of the following is NOT a technique used to perform a penetration test? 


A. traffic padding 

B. scanning and probing 
C. war dialing 

D. sniffing 


Answer: A 


Explanation: 

Traffic padding is a countermeasure to traffic analysis. 

Even if perfect cryptographic routines are used, the attacker can gain knowledge of the amount of traffic that was generated. The attacker might not know what 
Alice and Bob were talking about, but can know that they were talking and how much they talked. In certain circumstances this can be very bad. Consider for 
example when a military is organising a secret attack against another nation: it may suffice to alert the other nation for them to know merely that there is a lot of 
secret activity going on. 

As another example, when encrypting Voice over IP streams that use variable bit rate encoding, the number of bits per unit of time is not obscured, and this can 
be exploited to guess spoken phrases. 

Padding messages is a way to make traffic analysis harder. Normally, a number of random bits are appended to the end of the message with an indication 
at the end of how much of the data is random. The padding length should have a minimum value of 0, a maximum of N and an even distribution between the two 
extremes. Note that raising the minimum above 0 does not help; only increasing N helps, though that also means that a lower percentage of the channel will be 
used to transmit real data. Also note that since the cryptographic routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it does not 
help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a sporadic manner. 

The other answers are all techniques used to do penetration testing. 

References: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 233, 238. 

and https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_analysis 
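The padding format the explanation describes (random filler after the message, with a trailing indication of how much is filler) can be written out as a pad/unpad pair. The C program below is an added example rather than code from the source or from Wikipedia; MAX_PAD, the function names and the "attack at dawn" sample message are hypothetical, and the padded buffer is what would be handed to the cipher, so the only thing an observer learns is the padded length. Using rand() for the filler is an assumption made to keep the example self-contained; a real implementation would draw the pad length and the filler from a cryptographic random source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAD 32   /* N: maximum number of random bytes appended (hypothetical) */

/* Appends pad_len random bytes followed by one byte recording pad_len, so the
 * receiver can strip the padding after decryption. Returns the padded length,
 * or 0 if the output buffer is too small or pad_len exceeds MAX_PAD. */
size_t pad_message(const unsigned char *msg, size_t len, unsigned pad_len,
                   unsigned char *out, size_t out_size) {
    if (pad_len > MAX_PAD || out_size < len + pad_len + 1) return 0;
    memcpy(out, msg, len);
    for (unsigned i = 0; i < pad_len; i++)
        out[len + i] = (unsigned char)(rand() & 0xff);   /* filler, never interpreted */
    out[len + pad_len] = (unsigned char)pad_len;
    return len + pad_len + 1;
}

/* Draws a pad length from 0..MAX_PAD with an even distribution. rand() stands
 * in for a CSPRNG here only to keep the example self-contained. */
unsigned random_pad_len(void) {
    return (unsigned)(rand() % (MAX_PAD + 1));
}

/* Recovers the original message length from the trailing length byte.
 * Returns the message length, or (size_t)-1 if the buffer is malformed. */
size_t unpad_message(const unsigned char *padded, size_t padded_len) {
    if (padded_len == 0) return (size_t)-1;
    unsigned pad_len = padded[padded_len - 1];
    if (pad_len > MAX_PAD || pad_len + 1 > padded_len) return (size_t)-1;
    return padded_len - pad_len - 1;
}

/* Round-trip helper: pads with the given length, unpads, and returns 1 if the
 * original message is recovered unchanged. */
int roundtrip_ok(const char *text, unsigned pad_len) {
    unsigned char buf[256];
    size_t len = strlen(text);
    size_t n = pad_message((const unsigned char *)text, len, pad_len, buf, sizeof buf);
    if (n == 0) return 0;
    size_t got = unpad_message(buf, n);
    return got == len && memcmp(buf, text, len) == 0;
}

int main(void) {
    const char *msg = "attack at dawn";   /* constructed sample message */
    unsigned char buf[256];
    srand(1);
    for (int i = 0; i < 3; i++) {
        size_t n = pad_message((const unsigned char *)msg, strlen(msg),
                               random_pad_len(), buf, sizeof buf);
        printf("message of %zu bytes sent as %zu bytes on the wire\n", strlen(msg), n);
    }
    return 0;
}
```

Because the length byte is inside the encrypted buffer, an observer sees only the total; the set of lengths one message can produce spans MAX_PAD + 1 values, which is why raising the maximum widens the uncertainty while raising the minimum only adds a constant the observer can subtract.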


NEW QUESTION 198 

- (Topic 1) 

Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection? 
A. B 
B. A 
C. C 
D. D 


Answer: A 


Explanation: 

B level is the first Mandatory Access Control Level. 

First published in 1983 and updated in 1985, the TCSEC, frequently referred to as the Orange Book, was a United States Government Department of Defense 
(DoD) standard that sets basic standards for the implementation of security protections in computing systems. Primarily intended to help the DoD find products that 
met those basic standards, TCSEC was used to evaluate, classify, and select computer systems being considered for 

the processing, storage, and retrieval of sensitive or classified information on military and government systems. As such, it was strongly focused on enforcing 
confidentiality with no focus on other aspects of security such as integrity or availability. Although it has since been superseded by the common criteria, it 
influenced the development of other product evaluation criteria, and some of its basic approach and terminology continues to be used. 

Reference used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17920-17926). Auerbach 
Publications. Kindle Edition. 

and 

THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt (paragraph 3 for this one) 


NEW QUESTION 202 
- (Topic 1) 
What security model is dependent on security labels? 


A. Discretionary access control 

B. Label-based access control 

C. Mandatory access control 

D. Non-discretionary access control 


Answer: C 


Explanation: 

With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance and 
the classification or sensitivity of the object. Label-based access control is not a defined model. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33). 
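The label comparison that both this question and question 165 describe (a classification plus a category set, compared between a subject's clearance and an object's label) is shown below as an added C example; it is not code from the source or from any reference monitor. The level names, the three categories and the analyst/document labels are hypothetical. It goes slightly beyond the question text by also applying the two Bell-LaPadula rules mentioned under question 177, so the same dominance check is seen driving both a read and a write decision:

```c
#include <stdio.h>

/* Hierarchical classification levels (hypothetical set for the example). */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };

/* Non-hierarchical categories, one bit each; a category set is the OR of its members. */
enum category { CAT_CRYPTO = 1, CAT_NUCLEAR = 2, CAT_NATO = 4 };

/* A sensitivity label is a classification plus a category set. The same
 * structure serves as a subject's clearance and as an object's label. */
struct label { enum level level; unsigned categories; };

/* Dominance: a dominates b when a's level is at least b's level AND a's
 * category set contains every category in b's set. This is the relation the
 * reference monitor evaluates; the category part is where need-to-know lives. */
int dominates(struct label a, struct label b) {
    return a.level >= b.level && (b.categories & ~a.categories) == 0;
}

/* Bell-LaPadula simple security rule: a subject may read an object only if
 * the subject's clearance dominates the object's label (no read up). */
int can_read(struct label subject, struct label object) {
    return dominates(subject, object);
}

/* Bell-LaPadula *-property: a subject may write an object only if the
 * object's label dominates the subject's clearance (no write down), so
 * information never flows to a less sensitive object. */
int can_write(struct label subject, struct label object) {
    return dominates(object, subject);
}

/* Convenience constructor. */
struct label make_label(enum level lvl, unsigned cats) {
    struct label l = { lvl, cats };
    return l;
}

int main(void) {
    struct label analyst     = make_label(SECRET, CAT_CRYPTO | CAT_NUCLEAR);
    struct label crypto_memo = make_label(CONFIDENTIAL, CAT_CRYPTO);
    struct label nato_plan   = make_label(SECRET, CAT_NATO);
    struct label ts_report   = make_label(TOP_SECRET, CAT_CRYPTO | CAT_NUCLEAR | CAT_NATO);

    printf("analyst reads crypto memo : %d\n", can_read(analyst, crypto_memo));  /* level and categories ok */
    printf("analyst reads NATO plan   : %d\n", can_read(analyst, nato_plan));    /* same level, missing category */
    printf("analyst reads TS report   : %d\n", can_read(analyst, ts_report));    /* level too high */
    printf("analyst writes TS report  : %d\n", can_write(analyst, ts_report));   /* write up allowed */
    printf("analyst writes crypto memo: %d\n", can_write(analyst, crypto_memo)); /* write down refused */
    return 0;
}
```

The NATO plan case is the one that answers question 165: the analyst's clearance level equals the document's classification, and access is still refused because the label's category set, not its classification, carries the need-to-know.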


NEW QUESTION 207 
- (Topic 1) 
Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? 


A. Degaussing 

B. Parity Bit Manipulation 
C. Zeroization 

D. Buffer overflow 


Answer: A 


Explanation: 

A degausser (otherwise known as a bulk eraser) has the main function of reducing to near zero the magnetic flux stored in the magnetized medium. Flux density 
is measured in gauss or tesla. The operation is faster than overwriting and is done in one short step. This is achieved by subjecting the medium in bulk to a 
series of fields of alternating polarity and gradually decreasing strength. Note that degaussing a hard disk also erases the factory-written servo information, so the 
drive is unusable afterwards; that is acceptable for disposal but not for reuse, and degaussing has no effect at all on flash-based (solid state) media. 

The following answers are incorrect: 

Parity Bit Manipulation. Parity has to do with disk error detection, not data removal. A parity bit is a bit or series of bits appended to a 
character or block of characters to ensure that the information received is the same as the information that was sent. 

Zeroization. Zeroization involves overwriting data to sanitize it. It is time-consuming and not foolproof. The potential for restoration of data exists with this 
method. 

Buffer overflow. This is a distractor. Although many operating systems use a disk buffer to temporarily hold data read from disk, its primary purpose has no 
connection to data removal. An overflow goes outside the constraints defined for the buffer and is a method used by an attacker to attempt access to a system. 

The following reference(s) were/was used to create this question: 

HARRIS, Shon, CISSP All-in-One Exam Guide, 3rd edition, page 908. 

Reference: What is degaussing. 


NEW QUESTION 208 